
SQL injection problem


ghost

Ok so I know a website that has XSS.

www.something.com/view_user.php?list=1&letter=&sort_by=' [SQL injection]

Ok so I try this:

www.something.com/view_user.php?list=1&letter=&sort_by=' UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES--

and I hit enter

it gives me this error:

Invalid SQL query: SELECT u.*, m.mana FROM wowbb_users u LEFT JOIN wowbb_manas m USING (user_id) WHERE user_activation_key = '' ORDER BY , u.user_name LIMIT 0, 40-You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ' u.user_name LIMIT 0, 40' at line 1

and I know the usernames are in wowbb_users, I am confused. Please help me


ghost

So what is it, no one here knows what that means? Help


ghost

well what it is saying (in layman's terms): go into database "wowbb_users" and select the user m.mana

I suppose that is what it means, the rest is just the actual error in joining things together.. from here you can do a DROP command and drop everything in the database or read out the users in "wowbb_users" and then hopefully get the password table name by doing a table name search.

Edit: Oh yeah, almost forgot, this information could have been easily retrieved via www.google.com

www.fuckinggoogleit.com


ghost

Well thanks, I know, I was looking it up on Google but I couldn't find anything. Well thanks again


ghost

Just to let you know, that'd be SQL injection, not XSS. I know you meant sql injection, but just thought I'd point that out.


ghost

thanks dude
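
Added example, not part of any post in this thread and not the site's own code: the error message quoted in the first post shows the sort_by value being copied straight into ORDER BY, a position where bind parameters cannot be used, so the fix is an allowlist of sortable columns. The sketch uses Python's sqlite3 as a stand-in for the PHP/MySQL application; the keys "name" and "id", the function names and the sample rows are assumptions.

```python
import sqlite3

# Allowlist: request value -> fixed ORDER BY fragment. The keys are
# hypothetical; the column names follow the query in the error message.
SORT_COLUMNS = {
    "name": "u.user_name",
    "id": "u.user_id",
}
DEFAULT_SORT = "u.user_name"


def order_by_clause(sort_by):
    """Return a fixed ORDER BY fragment; request text is never copied into SQL."""
    return SORT_COLUMNS.get(sort_by, DEFAULT_SORT)


def list_users(conn, sort_by, activation_key="", limit=40, offset=0):
    # Identifiers cannot be bound as parameters, so the column comes from the
    # allowlist; values (key, limit, offset) are bound with placeholders.
    sql = (
        "SELECT u.user_id, u.user_name FROM wowbb_users u "
        "WHERE u.user_activation_key = ? "
        f"ORDER BY {order_by_clause(sort_by)} LIMIT ? OFFSET ?"
    )
    return conn.execute(sql, (activation_key, limit, offset)).fetchall()


def demo_db():
    # Constructed sample data; in-memory SQLite stands in for MySQL.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE wowbb_users (user_id INTEGER, user_name TEXT, "
        "user_activation_key TEXT)"
    )
    conn.executemany(
        "INSERT INTO wowbb_users VALUES (?, ?, '')",
        [(1, "zed"), (2, "amy"), (3, "bob")],
    )
    return conn


if __name__ == "__main__":
    conn = demo_db()
    print(list_users(conn, "id"))
    # A stray quote or any unknown value falls back to the default column.
    print(list_users(conn, "'"))
```

Returning a generic error page instead of echoing the failed query, as the site in this thread does, also keeps table and column names out of the response.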