# Exploit Title: ProActive CMS Multiple Vulnerabilities
# Google Dork: intext:"Powered by Proactive CMS"
# Exploit Author: Rafay Baloch
# Vendor Homepage: http://www.proactivecms.com
# Tested on: Linux
Stored Cross Site Scripting:
http://professional.inbusiness.com.au/admin.php?action=newuser
Insert Your Payload:
">
The newuser field does not properly sanitize the input, resulting in a
Stored
XSS.
An Open redirect issue also found:
POC:
http://professional.inbusiness.com.au/admin.php?action=http://rafayhackingarticles.net
Just, replace http://rafayhackingarticles.net with your own domain.
Missing CSRF Tokens:
Most of the forms are missing with CSRF tokens, To be honest one of the
most insecure
cms i have ever seen.
http://professional.inbusiness.com.au/admin.php?action=edituser&id=24
The following POC, could be altered to use it to alter a user's detail.
RHA:
http://rafayhackingarticles.net
http://twitter.com/rafaybaloch