I'm in the process of documenting the many ways in which an application is terrible. One of those ways is that it's vulnerable to SQL injection. It's not completely open, but you can manipulate a few ...
Results that may be inaccessible to you are currently showing.
Hide inaccessible results
Feedback