Earlier today I found a SQL Injection Vuln for Guestbook 2.2, so I searched for this via A9
a9.com/guestbook%202.2 (the %20 is the same thing as a space in an URL)
I decided to go to page 26 (135,000 results) and after clicking a page number on the bottom I notice the URL is http://a9.com/guestbook%202.2?p=26.
Awesome, the ?p= is how to tell it a page!
OK, so you dont care about searching by URL, but you think the vuln is interesting?
...after clicking the admin link, leave the username blank and put ') OR ('a' = 'a in the password field.