Помогите крутануть

[21:12:05] [INFO] Host parameter 'Host' appears to be 'MySQL OR time-based blind (ELT - comment)' injectable

[21:36:03] [INFO] heuristic (XSS) test shows that GET parameter 'call' might be vulnerable to cross-site scripting (XSS) attacks

.SpoilerTarget" type="button">Spoiler: site
http://wiki.timezero.ru/lib/exe/ajax.php?call=1