I was bored and thought come on lets find and report some security flaws.
I wanted to do it via my preferred ‘Google hacking’.
However after a few minutes I was faced to an university website where it looked like the content was directly extracted out of the DB.
The guess was completely correct! And.. felt like nearly always… the POST variable was vulnerable for my beloved SQLi.
A simple single quote broke the site completely with standard ‘You have an error in your MySQL syntax…’.
As a security interested person and even as a computer scientists I just could not believe this.
The most horrible fact on this is that it was the computer science faculty where you could guess they should know that they do.
After that finding I reported this security issue to their webmaster and they were really thankful to me and they resolved the issue with their site.