Advisory ID: HTB23200
Product: Seo Panel
Vendor: www.seopanel.in
Vulnerable Version(s): 3.4.0 and probably prior
Tested Version: 3.4.0
Advisory Publication: January 29, 2014 [without technical details]
Vendor Notification: January 29, 2014
Vendor Patch: May 15, 2014
Public Disclosure: May 16, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-1855
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )

-----------------------------------------------------------------------------------------------

Advisory Details:

High-Tech Bridge Security Research Lab discovered two vulnerabilities in Seo Panel, which can be exploited to perform Cross-Site Scripting (XSS) attacks against users of the vulnerable application to steal their sensitive data.

1) Two Cross-Site Scripting (XSS) vulnerabilities in Seo Panel: CVE-2014-1855

1.1 The vulnerability exists due to insufficient sanitisation of user-supplied data in the "capcheck" HTTP GET parameter passed to the "/directories.php" script. A remote attacker can trick a logged-in user into opening a specially crafted link and execute arbitrary HTML and script code in the browser in the context of the vulnerable website.

The exploitation example below uses the "alert()" JavaScript function to display the word "immuniweb":

http://[host]/directories.php?capcheck=1%22%20onmouseover%3dalert%28%22immuniweb%22%29;%20%22&dir_name=&google_pagerank=&langcode=&pageno=8&sec=directorymgr&stscheck=1

1.2 The vulnerability exists due to insufficient sanitisation of user-supplied data in the "keyword" HTTP GET parameter passed to the "/proxy.php" script. A remote attacker can trick a logged-in user into opening a specially crafted link and execute arbitrary HTML and script code in the browser in the context of the vulnerable website.

The exploitation example below uses the "alert()" JavaScript function to display the word "immuniweb":

http://[host]/proxy.php?keyword=1%22%20onmouseover%3dalert%28%22immuniweb%22%29;%20%22&status=active

-----------------------------------------------------------------------------------------------

Solution:

Update to Seo Panel 3.5.0

More Information:
http://forum.seopanel.in/viewtopic.php?f=7&t=10978

-----------------------------------------------------------------------------------------------

References:

[1] High-Tech Bridge Advisory HTB23200 - https://www.htbridge.com/advisory/HTB23200 - Two Cross-Site Scripting (XSS) Vulnerabilities in Seo Panel.
[2] Seo Panel - http://www.seopanel.in/ - World's first seo control panel for multiple websites.
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
[5] ImmuniWeb® SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) model.

-----------------------------------------------------------------------------------------------

Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.
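A defender-side check for the two parameters described in 1.1 and 1.2, written as an added example that is not part of the original advisory or of Seo Panel's code: it scans web-server access-log lines for requests to the affected scripts whose decoded parameter value contains attribute-breakout characters. The Common/Combined Log Format, the sample lines, the function names and the character heuristic are assumptions of this example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Script -> parameter pairs named in sections 1.1 and 1.2 of the advisory.
AFFECTED = {"/directories.php": "capcheck", "/proxy.php": "keyword"}

# Characters that can close a quoted HTML attribute or open a tag. Flagging any
# of them in these two parameters is this example's heuristic (an assumption).
BREAKOUT = re.compile(r"[\"'<>]")

# Request field of a Common/Combined Log Format line.
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges, invented times and sizes).
SAMPLE_LOG = [
    '198.51.100.7 - - [16/May/2014:10:01:02 +0000] "GET /directories.php'
    '?capcheck=1&sec=directorymgr&stscheck=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [16/May/2014:10:01:09 +0000] "GET /directories.php?capcheck=1%22%20'
    'onmouseover%3dalert%28%22immuniweb%22%29;%20%22&sec=directorymgr HTTP/1.1" 200 5164',
    '203.0.113.9 - - [16/May/2014:10:02:30 +0000] "GET /seopanel/proxy.php?keyword=1%22%20'
    'onmouseover%3dalert%28%22immuniweb%22%29;%20%22&status=active HTTP/1.1" 200 4301',
    '203.0.113.9 - - [16/May/2014:10:02:41 +0000] "GET /proxy.php'
    '?keyword=squid&status=active HTTP/1.1" 200 4288',
]

def suspicious_params(line):
    """Return [(script, param, decoded_value)] for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    target = urlsplit(m.group(1))
    script = next((s for s in AFFECTED if target.path.endswith(s)), None)
    if script is None:
        return []
    # parse_qs percent-decodes the values, so %22 is seen as a literal quote.
    values = parse_qs(target.query, keep_blank_values=True).get(AFFECTED[script], [])
    return [(script, AFFECTED[script], v) for v in values if BREAKOUT.search(v)]

def scan(lines):
    """Return [(line_number, script, param, value)] over an iterable of log lines."""
    hits = []
    for n, line in enumerate(lines, 1):
        hits.extend((n, *hit) for hit in suspicious_params(line))
    return hits

if __name__ == "__main__":
    for n, script, param, value in scan(SAMPLE_LOG):
        print(f"line {n}: {script} {param}={value!r}")
```

A hit in logs from an installation still running 3.4.0 or earlier indicates that a crafted link was requested; the advisory's fix remains the update to 3.5.0.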