Way better write-up.
grownuphacker committed Sep 7, 2024
1 parent 59ed90b commit de30a57
Showing 1 changed file with 17 additions and 13 deletions.
30 changes: 17 additions & 13 deletions docs/ctf/sql-injection_2.md
Expand Up @@ -18,25 +18,29 @@ If you're looking at the tool that we mentioned previously, which Of course you

![Screenshot](./images/hackbar.png)

And boom! Just like that, the entire product catalogue is laid bare. But our hacker wants more. They want to see what other databases are hiding in the shadows. So, they might try injecting a command to list databases. I'll save you the hassle of learning this database.
And boom! Just like that, we injected a statement that returns 'TRUE' from the database, silently and uselessly. But our hacker wants more. They want to see what other databases are hiding in the shadows. So, they might try injecting a command to list databases. I'll save you the hassle of learning this database.

You can read all about how this works later, but in this case, we are pilfering the filthy database behind this amazing website and aligning with with the correct output of columns. To do that, you need to figure out how many columns you have. Do this, adding a new 'Null' until you stop getting errors. You can also look at your displayed tables on teh website and take an educated guess.

```sql```
catid=1000 UNION SELECT NULL, NULL--
```
When you have the right amount - which isn't displayed below, so stop copy and pasting, you'll be able to view all the tables by simply asking the database to tell you.
```sql
UNION SELECT schema_name, 2, 3 FROM information_schema.schemata --
UNION SELECT table_name, 2, 3, 4, 5, 6 FROM information_schema.tables--
```
This will look for the tables using a clever trick, and add it to the output of your super hardcore SQL injected payment page. Now, it's a guessing game. `'users'`, `'customers'`, `'members'` - common names for databases holding juicy information.
This will look for the tables using a clever trick and add it to the output of your super hardcore SQL injected page. Now, it's a guessing game to find more information.

But here's where the magic happens. The `UNION` command is the Swiss Army knife of SQL injection. It allows our hacker to combine the results of their injected query with the results of the original query. But there's a catch: the number of columns in the UNIONed query has to match the original.
Here's where the magic happens. The `UNION` command is the Swiss Army knife of SQL injection. It allows our hacker to combine the results of their injected query with the results of the original query. But there's a catch: the number of columns in the UNIONed query has to match the original.

If our original query was fetching three columns of data, our injection needs to request three columns too. Any more or less, and it'll spit out errors like a broken vending machine.

So, let's say our hacker knows there's a `'users'` database and it contains `'firstname'`, `'email'`, and `'password'` columns. They could craft an injection like this:
Want to see what exists in the `products` table? Give 'er, young blood.

```sql
catid=1000 UNION SELECT firstname, email, lastname FROM users LIMIT 7, 100
```
In URL encoding, because you live life on hardcore mode and you're injecting by URL - which means you probably aren't reading this tutorial but the above statement would look like this:
##### THERE DO BE ANSWERS HERE
```
catid=1000%20UNION%20SELECT%20firstname%2C%20email%2C%20lastname%20FROM%20users%20LIMIT%207%2C%20100
```
This pulls the first name, email, and last name from the users database, starting from the 7th entry and for the next 100 entries. And just like that, our hacker has scored a treasure trove of data. I wonder, I really really wonder, if there are any other columns that could be useful. The Logfather would know...
UNION SELECT COLUMN_NAME,2,3,4,5 FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = 'products' --
```
You have what you need. The rest is on your cranial neurons bouncing around in the appropriate flightpaths. Move your statements around, ask your favourite manager that's been replaced by AI, do the needful. Score some points.

Remember, my friends, with great power comes great responsibility. SQL injections are a potent tool in the wrong hands. As cyber warriors, it's our job to defend against such threats. So, keep your wits about you, sanitize your inputs, and keep your apps secure. The future of the digital realm depends on it.
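Review bot: the code fences in this hunk are mismatched and will not render. The line `` ```sql``` `` opens and closes a block on the same line, so `catid=1000 UNION SELECT NULL, NULL--` renders as plain prose and the following `` ``` `` becomes a stray opening fence; later, the `##### THERE DO BE ANSWERS HERE` block is closed after the URL-encoded payload, but the paragraph "This pulls the first name, email, and last name..." runs straight into `UNION SELECT COLUMN_NAME,2,3,4,5 FROM INFORMATION_SCHEMA.COLUMNS ...` with no opening fence before it, leaving an unpaired closing `` ``` ``. Suggest wrapping each query in its own `` ```sql `` / `` ``` `` pair. Two smaller points in the same hunk: the explanation of `LIMIT 7, 100` says it starts "from the 7th entry", but in MySQL the first argument is a zero-based offset, so it skips the first seven rows and starts at the eighth; and "aligning with with the correct output" and "tables on teh website" are typos. Since the closing paragraph is the only defensive guidance, consider naming parameterized queries (prepared statements) rather than "sanitize your inputs", as that is the control that actually closes the UNION-based vector the page walks through.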

0 comments on commit de30a57
