exploit – SQL injection exploitations

As a newbie testing a demonstration website, I’ve found an SQL injection vulnerability in the search functionality. The query I put in the URL is encoded. For example, ' is %27 and a space is %20.

The base case where I spotted the vulnerability is:

url/search=ball' UNION SELECT 1,2,3,4 OR '1'='1

It is successful since the query is not parameterized, but using the comment -- at the end is not successful.

It’s also possible to go further and find the server information (1, 2, 3 are strings; 4 always shows 1 no matter whether I put a string or a number):

url/search=ball' UNION SELECT version(),2,3,4 OR '1'='1
>> 8.0.23-0ubuntu0.20.04.1

However, when I tried to go further and find the table names, matching the number of columns, using:

url/search=ball' UNION SELECT table_name,2,3,4 FROM information_schema.tables OR '1'='1

There’s no information shown in the provided table.

Am I missing something, or is there anything I can try? Thanks.
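The question's root cause is a search query built by string concatenation. The following is an added example (not code from the asker or from the demonstration site) that reproduces that defect against a constructed in-memory SQLite table, shows the parameterized query that removes it, and adds a small log check that flags the URL-encoded UNION SELECT pattern from the question. The table name `products`, its four columns, the sample rows and the log lines are all constructed for the example.

```python
import re
import sqlite3
from urllib.parse import unquote_plus


def build_db():
    """Constructed sample data: a four-column table standing in for the demo site's search backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, price REAL, category TEXT, stock INTEGER)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?, ?)",
        [("ball", 9.99, "toys", 12), ("bat", 24.5, "sports", 3), ("glove", 31.0, "sports", 7)],
    )
    return conn


def search_vulnerable(conn, term):
    """The defect from the question: user input is pasted into the SQL text.

    A term such as  ball' UNION SELECT 1,2,3,4 OR '1'='1  closes the string
    literal and appends a second SELECT, so attacker-chosen rows come back.
    """
    sql = "SELECT name, price, category, stock FROM products WHERE name = '" + term + "'"
    return conn.execute(sql).fetchall()


def search_parameterized(conn, term):
    """The fix: the driver sends the term as a bound value, never as SQL.

    The same injected string is now compared literally against the name
    column, so it simply matches nothing.
    """
    sql = "SELECT name, price, category, stock FROM products WHERE name = ?"
    return conn.execute(sql, (term,)).fetchall()


# Detection side: the encoded request in the question decodes to a UNION SELECT.
# This regex is a coarse signal for log review, not a substitute for the fix above;
# encoding variations and comments can evade it.
UNION_SELECT = re.compile(r"\bunion\b\s+(?:all\s+)?select\b", re.IGNORECASE)


def flag_union_select(request_line):
    """Return True if the URL-decoded request line contains a UNION SELECT."""
    decoded = unquote_plus(request_line)
    return bool(UNION_SELECT.search(decoded))


def scan_log(lines):
    """Return the decoded form of every request line that triggers the pattern."""
    return [unquote_plus(line) for line in lines if flag_union_select(line)]


# Constructed access-log request lines for the scan.
SAMPLE_LOG = [
    "GET /search=ball HTTP/1.1",
    "GET /search=union%20jack HTTP/1.1",
    "GET /search=ball%27%20UNION%20SELECT%201,2,3,4%20OR%20%271%27%3D%271 HTTP/1.1",
    "GET /search=ball%27%20union%20select%20version(),2,3,4%20or%20%271%27%3D%271 HTTP/1.1",
]

if __name__ == "__main__":
    db = build_db()
    payload = "ball' UNION SELECT 1,2,3,4 OR '1'='1"
    print("vulnerable   :", search_vulnerable(db, payload))
    print("parameterized:", search_parameterized(db, payload))
    for hit in scan_log(SAMPLE_LOG):
        print("flagged      :", hit)
```

Running the block shows the concatenated query returning the genuine `ball` row plus the injected `(1, 2, 3, 1)` row, where the fourth column is `1` because `4 OR '1'='1'` is evaluated as a boolean expression, matching the behaviour the question observed; the parameterized version returns nothing for the same input, and only the two encoded UNION requests are flagged, not the legitimate search for "union jack".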