SQL Injection

Overview

MS SQL injection is a type of web application security vulnerability that occurs when an attacker can manipulate user input in a web application that interacts with a Microsoft SQL Server database. This vulnerability can allow an attacker to execute malicious SQL statements, such as dropping tables, modifying data, or extracting sensitive information, by exploiting the application's failure to properly sanitize or validate user input.

Example code

See refences for examples and useful tips.

Union All Select

Example of union all select:

artist=' UNION ALL SELECT @@Version,NULL--
artist=' UNION SELECT (SELECT is_srvrolemember('sysadmin')),NULL--

Refences

PayloadsAllTheThings/MSSQL Injection.md at master · swisskyrepo/PayloadsAllTheThingsGitHub