Exploiting SQL Injection on URL parameters using SQL Injection