Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action.