SQL Injection Questions

[Tentra]

I have a basic knowledge of SQL injection, and I have been messing around with "MySQLi Dumper v.1.2" and I can use it efficiently. Although I don't understand the injections it uses, most importantly I don't know how it finds the names of the tables and columns. If I knew how to do this by hand I would no longer be bound to a skiddie tool.

I know that "INFORMATION_SCHEMA.TABLES.TABLE_NAME" contains the names of the tables. But I don't know how to connect to a different database or get the server to echo the data to the page.

Don't tell me to Google it. I have and found 3 things:
http://ha.ckers.org/sqlinjection/
http://unixwiz.net/techtips/sql-injection.html
http://sqlzoo.net/hack/24table.htm

I can't find anything that talks about what I need.

If anyone could point me to any examples or articles, that would be amazing.

-- Fri Jun 26, 2009 1:58 pm --

Never mind, I have found my answer.

[thedotmaster]

Here is your answer:
http://www.w3schools.com/SQl/default.asp
and:
http://dev.mysql.com/doc/refman/5.0/en/tutorial.html

Sure you may be able to enter certain strings that you found out about.. but it's far better if you can work out those strings yourself - rather than relying on someone else to do it for you.