Questions about this topic? Sign up to ask in the talk tab.
Difference between revisions of "SQL injection/Target Environments/Mapping/MS SQL"
From NetSec
(Created page with "<noinclude>{{subpage|SQL injection}}</noinclude> An important note is that MS SQL is different when it comes to ordered single-cell selection. {{notice|We don't <i>currently</i>...") |
|
(No difference)
|
Revision as of 01:24, 19 July 2012
- back to SQL injection
An important note is that MS SQL is different when it comes to ordered single-cell selection.
Notice: We don't currently have a method of listing all of the database names in MS SQL. If you have a copy that one of the developers can use for testing to improve this article, please don't hesitate to let us know in IRC.
- Listing Tables:
SELECT TABLE_NAME FROM information_schema.columns WHERE table_catalog=[database_name] GROUP BY TABLE_NAME ORDER BY TABLE_NAME ASC; |
- Listing Columns:
SELECT column_name FROM information_schema.columns WHERE table_catalog=[database_name] AND TABLE_NAME=[table_query] GROUP BY column_name ORDER BY column_name ASC |