go to http://www-student.cse.buffalo.edu/CSE442-542/2018-Summer/team04/feedbackform
fill out form normally then...
In any of the description fields type in order to test for HTML Injection paste this:
My mother has <span style="color:blue;font-weight:bold">blue eyes and my father has <span style="color:darkolivegreen;font-weight:bold">dark green eyes.
Check professor panel and see if the text color has changed
Script for test case
SQL Injection:
go to http://www-student.cse.buffalo.edu/CSE442-542/2018-Summer/team04/login.php
insert ' or 1-- as username
3 password leave blank