SQL injection/Target Environments/Mapping/MS SQL
From NetSec
Note that MS SQL handles ordered single-cell selection differently from other database engines.
Notice: We don't currently have a method of listing all of the database names in MS SQL. If you have a copy that one of the developers can use for testing to improve this article, please don't hesitate to let us know in IRC.
- Listing Tables:
SELECT TABLE_NAME FROM information_schema.columns WHERE table_catalog=[database_name] GROUP BY TABLE_NAME ORDER BY TABLE_NAME ASC;
- Listing Columns:
SELECT column_name FROM information_schema.columns WHERE table_catalog=[database_name] AND TABLE_NAME=[table_query] GROUP BY column_name ORDER BY column_name ASC;
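
Both queries above read from information_schema, which ordinary application traffic rarely names, so a reference to it in a request parameter is a useful detection signal. The following is an added example, not part of the original article: a log check that decodes query strings and flags references to the metadata names used above. The log format, paths, addresses and the `shop` database name are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Metadata view and column names used by the two mapping queries on this page.
META_RE = re.compile(r"\binformation_schema\s*\.\s*(?:columns|tables)\b")
FILTER_RE = re.compile(r"\b(?:table_catalog|table_name|column_name)\b")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def normalize(raw):
    """Undo up to three layers of URL encoding, then fold case and whitespace."""
    text = raw
    for _ in range(3):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return re.sub(r"\s+", " ", text).lower()


def flag_requests(log_lines):
    """Return (line_number, path, reason) for query strings that name schema metadata."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match or "?" not in match.group(1):
            continue  # not a parsable request, or no query string to inspect
        path, query = match.group(1).split("?", 1)
        text = normalize(query)
        if META_RE.search(text):
            reason = "metadata+filter" if FILTER_RE.search(text) else "metadata"
            hits.append((number, path, reason))
    return hits


# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /search?q=schema+design HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /item?id=SELECT+TABLE_NAME+FROM+information_schema.columns+WHERE+table_catalog%3D%27shop%27 HTTP/1.1" 500 0',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /report?sort=column_name%2520FROM%2520INFORMATION_SCHEMA.COLUMNS HTTP/1.1" 500 0',
    '203.0.113.9 - - [01/Jan/2024:10:00:12 +0000] "GET /x?a=information_schema.tables HTTP/1.1" 404 0',
    '203.0.113.7 - - [01/Jan/2024:10:00:15 +0000] "GET /static/app.js HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(hit)
```

This check only sees query strings recorded in the access log; parameters sent in request bodies need application-side or database-side logging to be covered.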