Re: Table enumeration in mysql injection

[Mert Eren ÜSTÜNKAYA <mustunkaya () cepdunyasi com>]

A nice and easy document on how to get table names and injection process ...

http://www.tgs-security.com/tutorials/advsqlinj.txt




----- Original Message ----- 
From: "Matt Gibson" <MattG () blueedgetech ca>
To: <security-basics () securityfocus com>
Sent: Thursday, March 03, 2005 9:40 AM
Subject: Table enumeration in mysql injection


Hi everyone!

Working on some SQL injection to hone my skills, but I'm coming up
against a problem early on.  I'm working on a mysql database, and it
seems I can directly inject into the url.  However, since I don't know
the name of the table I'm on, I don't seem to be able to extract any
information from it.  How does one go about determining the current
table, or even a list of all tables in the database?

Thanks!

-Matt