Australia's government defense site vulnerable to SQL Injection and XSS


The hacking group Zer0Lulz discovered a SQL injection vulnerability in an official site belonging to Australia's government defense.

Vulnerability Details:
  • Type: SQLi
  • Author: Zer0Lulz
  • Target: http://www.dsto.defence.gov.au/
  • Vulnerable Link: http://www.dsto.defence.gov.au/events/archive.php?year=
  • Alert: Critical (leads to database compromise)
  • Status: Unfixed

In the past, this hacking group has discovered XSS vulnerabilities in high-profile sites in an operation called "OP XSSec".

XSS Vulnerability:
The site is also vulnerable to reflected XSS; I hope you know what reflected XSS means, too.

Vulnerability Details:
  • Type: Reflected XSS
  • Alert: Low
  • Status: Unfixed
  • Author: BreakThesec
  • Vulnerable Link: http://www.dsto.defence.gov.au/search.php?q=

Update:
Australia's government defense is in the process of fixing the security hole. Hope they will fix it.