I have a basic knowledge of SQL injection, and I have been messing around with "MySQLi Dumper v.1.2" and I can use it efficiently. Although I don't understand the injections it uses, most importantly I don't know how it finds the names of the tables and columns. If I knew how to do this by hand I would no longer be bound to a skiddie tool.
I know that "INFORMATION_SCHEMA.TABLES.TABLE_NAME" contains the names of the tables. But I don't know how to connect to a different database or get the server to echo the data to the page.
Don't tell me to Google it. I have and found 3 things:
http://ha.ckers.org/sqlinjection/
http://unixwiz.net/techtips/sql-injection.html
http://sqlzoo.net/hack/24table.htm
I can't find anything that talks about what I need.
If anyone could point me to any examples or articles, that would be amazing.
-- Fri Jun 26, 2009 1:58 pm --
Never mind, I have found my answer.