Discovering tables
Now that we know our target database is called owasp10, let's try to discover the tables that exist in that database. So, our select statement is union select 1, database(),user(),version(),5. Delete user() and version(), or change it to null because we only want to select one thing now, and in 2, we're going to select table_name from the information_schema database. We know that information_schema is a default database created by MySQL and it contains information about all the other databases. We select table_name from information_schema. and after the dot, we put tables. Basically, we're selecting a table called tables from a database called information_schema, and the column that we're selecting is called table_name, so we are selecting table_name from the information_schema database from the tables table. The command is as follows:
union select 1,table_name,null,null,5 from information_schema.tablesThe URL command changes as follows:
index.php?page=user-info.php&...
