Security Basics mailing list archives

RE: Table enumeration in mysql injection


From: "Matt Gibson" <MattG () blueedgetech ca>
Date: Fri, 4 Mar 2005 10:11:44 -0800

Unless I'm missing something, the only bit in that article to do with finding a table name involves looking through the 
html/javascript code.  I'm looking for a method for finding the name within mysql itself.  I realize commands like 
"show table" exist, but they do not seem to work within the format of the injection.

-Matt

-----Original Message-----
From: Mert Eren ÜSTÜNKAYA [mailto:mustunkaya () cepdunyasi com] 
Sent: March 4, 2005 12:38 AM
To: Matt Gibson
Cc: security-basics () securityfocus com
Subject: Re: Table enumeration in mysql injection

A nice and easy document on how to get table names and injection process ...

http://www.tgs-security.com/tutorials/advsqlinj.txt




----- Original Message ----- 
From: "Matt Gibson" <MattG () blueedgetech ca>
To: <security-basics () securityfocus com>
Sent: Thursday, March 03, 2005 9:40 AM
Subject: Table enumeration in mysql injection


Hi everyone!

Working on some SQL injection to hone my skills, but I'm coming up
against a problem early on.  I'm working on a mysql database, and it
seems I can directly inject into the url.  However, since I don't know
the name of the table I'm on, I don't seem to be able to extract any
information from it.  How does one go about determining the current
table, or even a list of all tables in the database?

Thanks!

-Matt








