DZOIC Handshakes 'fname' Parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example exploit is available:

http://www.example.com/dzoic/index.php?handler=search&action=perform&search_type=members&fname=[Sql Injection]&lname=jakson&email=1@www.example2.com&handshakes=0&distance=0&country=0&state=0&city=0&postal_code=12345&online=on&with_photo=on&submit=Search
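A detection check for the request shape shown above, as an added example that is not part of the original advisory or of the DZOIC code base: it scans web-server access-log lines for member-search requests whose decoded `fname` value contains SQL syntax. The combined log format, the marker list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Heuristic markers for SQL syntax in a name field (assumption: tune per site).
SQL_MARKERS = re.compile(
    r"""['";]|--|/\*|\b(union|select|insert|update|delete|drop|sleep|benchmark)\b""",
    re.IGNORECASE,
)
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_fname(log_line):
    """Return the decoded fname value if the line is a member search whose
    fname contains SQL syntax, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    # parse_qs percent-decodes values, so encoded quotes are seen as quotes.
    query = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    if query.get("handler") != ["search"] or query.get("action") != ["perform"]:
        return None
    for value in query.get("fname", []):
        if SQL_MARKERS.search(value):
            return value
    return None

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /dzoic/index.php?handler=search&action=perform&search_type=members&fname=john&lname=jakson HTTP/1.1" 200 5120',
    '192.0.2.77 - - [01/Jan/2010:10:00:05 +0000] "GET /dzoic/index.php?handler=search&action=perform&search_type=members&fname=x%27+OR+%271%27%3D%271&lname=jakson HTTP/1.1" 200 48213',
    '192.0.2.10 - - [01/Jan/2010:10:00:09 +0000] "GET /dzoic/index.php?handler=profile&fname=o%27brien HTTP/1.1" 200 900',
]

def scan(lines):
    """Return (source_ip, decoded_fname) for every flagged line."""
    hits = []
    for line in lines:
        value = suspicious_fname(line)
        if value is not None:
            hits.append((line.split(" ", 1)[0], value))
    return hits

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip}\tfname={value!r}")
```

Legitimate names can contain an apostrophe, so a hit on a quote alone needs review before it is treated as an attack attempt.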


 

Copyright 2010, SecurityFocus