dzoic handshakes sql injection >> index.php on $fname

By :s3rv3r_hack3r(Ali Jasbi) From hackerz.ir
vendro : dzoic.com
version : all
risk : high
bug :
http://Victim/dzoic/index.php?handler=search&action=perform&search_type=members&fname=[Sql
Injection]&lname=jakson&[email protected]&handshakes=0&distance=0&country=0&state=0&city=0&postal_code=12345&online=on&with_photo=on&submit=Search