Introduction
Acknowledgments
Vulnerabilities Summary
Local File Inclusion Leading to Potential Remote Code Execution in DerbyNet’s kiosk.php
Unauthenticated SQL Injection via ‘where’ Clause in Award Document Rendering
Unauthenticated SQL Injection via ‘where’ Clause in Racer Document Rendering
Unauthenticated SQL Injection via ‘classids’ Parameter in ajax/query.slide.next.inc
Unauthenticated XSS Vulnerability in ./inc/kiosks.inc
Unauthenticated XSS in racer-results.php
Unauthent...