inurl:index.php?id= intext:"mysql_fetch_array"
here's a dork to find sql injectable sites in general.
inurl can be replaced to something different...
thx,
Denis Muhic
体验盒子