I found several SQLi's in this domain, but unfortunaly, acordingly to the director of security "it isn't part of the university's policy to give thank you letters"


9 SQLis.

1: http://www.fmd.up.pt/cursos/index.php?pagina=detalhecurso&id=64

2: https://www.mat.uc.pt/phd_prog/include/downloadFile.php?id=%2711&lang=%271

When you open the link, a download of a file starts, and it contains only: Erro: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near \1 and d.id_documento = \11 at line 1

3: http://www.epidemiologia.med.up.pt/html/filecv.php?id_pessoa=%275

4: http://higiene.med.up.pt/html/filecv.php?id_pessoa=%278

5: http://www.ineb.up.pt/node/2709/index.php?semail=%27iamaral@ineb.up.pt

6: https://paginas.fe.up.pt/~nidea/verevento.php?id=%275

7: https://www.fep.up.pt/conferences/euroconference2016/index.php?id_page=%27167



Plus this 2 that were offline at the time of writing this (and i didn't save a printscreen, sorry):