_____SQL Injection:
index.php?module=News&startrow='[sql injection]
_____Show path to script:
user.php?op=userinfo&uname='