On many forums a blind SQLi is possible ... like this link -> domain.com/interface/ipsconnect/ipsconnect.php
The Infection is here : act=login&idType=id&id=’id here’ <-- Here is the Vulnerable Parameter. the $_POST['id']
You can remove it Who = ?
Replacing all in the file with this ->
<p>You can not defeat me...</p>
Edited by Dr.Core, 10 May 2015 - 10:46 PM.