Update sqlserver.html (#18)

tigertigerboy07 · web-flow · commit 2be161408901 · 2022-11-15T09:03:09.000-06:00
* Update sqlserver.html

Added String concatenation section for SQL Server

* Update sqlserver.html

Added SQL Server functions
diff --git a/dbmsIdentification/sqlserver.html b/dbmsIdentification/sqlserver.html
@@ -18,6 +18,16 @@ <h3 id="sql-injection-detection">DBMS Identification</h3>
       <td>Default variable</td>
       <td>page.asp?id=sql'; SELECT @@SERVERNAME -- </td>
     </tr>
+    <tr>
+      <td>String concatenation</td>
+      <td>page.php?id='mssql'+'mssql' -- </td>
+    </tr>
+    <tr>
+      <td>Functions</td>
+      <td>@@rowcount -- <br>
+      SQUARE(1) -- <br>
+      @@pack_received -- </td>
+    </tr>
     <tr>
       <td>Error messages<br/><i>Note: Triggering DB errors through invalid syntax will sometimes return verbose error messages that include the DBMS name.</i></td>
       <td>page.asp?id='</td>
