[Abstract]
[Introduction]
[Obtaining Information Using Error Messages]
[Leveraging Further Access]
[xp_cmdshell]
[xp_regread]
[Other Extended Stored Procedures]
[Linked Servers]
[Custom extended stored procedures]
[Importing text files into tables]
[Creating Text Files using BCP]
[ActiveX automation scripts in SQL Server]
[Stored Procedures]
[Advanced SQL Injection]
[Strings without quotes]
[Second-Order SQL Injection]
[Length Limits]
[Audit Evasion]
[Defences]
[Input Validation]
[SQL Server Lockdown]
[References]
Appendix A - 'SQLCrack'
(sqlcrack.sql)