Sunday, March 25, 2012

Vulnerability Found in tatasky.com

One of the most famous satellite-based TV sites, www.tatasky.com, is vulnerable to non-persistent (reflected) cross-site scripting (XSS) attacks.
The site has some of the highest traffic from India and many other countries.

Demo: 



One more thing: there is also some kind of injection in tatasky.com,
and I also got the database of the site. But there is some kind of encryption which is creating a problem.

These are the tables of the site:

Just to confirm I am not joking :P

Dr Ninja Logging out!