courious blind sql topic..

["none neither" <stfu () consultant com>]

I was just learning about sql injection and it's blind recall, and I have some questions:

 With the sentence "  and MID($$$FIELD$$$,1,1) like CHAR(37) " and some bruteforce I went through php's special chars 
protection and was able to get thinks like:
 
 http://www.phrack.org/author.php?a=290 and MID($$$FIELD$$$,1,1) like CHAR(37)
 
 user() of query: phracksql@localhost
 database() fo query: phrack
 version of mysql: 4.0.18...
  
 I was also able to get the names of the field in the query using the following sentence:
 
 http://www.phrack.org/author.php?a=290 and MID($$$FIELD$$$,1,1) like CHAR(37)
 
 and I've found these in my example:
 
 - id, date, name, title
 
 but when the field is empty (for example: ?a=300 and MID(email,1,1) like CHAR(37) author 300 has no email in database 
) I get no clear response as with a=290.. Is there a better select to get a field even if it's empty?
 
 I've tried to find the number of fields or the name of the table in the database, but alltough it's mysql4.x I was not 
able to build a workingn union yet.. I'll work in it.
 
 Thanks in advance..
 stfu


-- 
___________________________________________________________
Sign-up for Ads Free at Mail.com
http://promo.mail.com/adsfreejump.htm

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/