Hi execute.
This was retested at least 100 times.
Snippet (against MSSQL 2005):
[12:45:38] [PAYLOAD] 1' AND 5424=CONVERT(INT,(CHAR(58)+CHAR(105)+CHAR(112)+CHAR(
121)+CHAR(58)+(SELECT TOP 1 SUBSTRING((ISNULL(CAST(sysusers.name+CHAR(46)+sysobj
ects.name AS NVARCHAR(4000)),CHAR(32))),1,100) FROM te
Hey,
I'm using the error-based technique for extracting data from an MSSQL server
(2005 - 9.00.4053.00). It seems like concatenating the sub-query with a string
doesn't work well - for some reason, the webserver returns the regular
response for row not found instead of throwing an error.
I tested it