Question

I am working with Damn Vulnerable Web App against a Microsoft SQL Server. My question is actually quite straightforward, but can be misinterpreted quite easily. Basically, this is my query:

+AND+1=convert(int,
    (select+
        top+1+
        user+
    from+
        TBL-Users
    )
)--

Now my question is simple. This is the query to extract data from the columns. How do I craft it so that it allows me to extract data from this column? Because apparently, it does not like that I am using the '-' character in this query (but that's the table name).

According to this error:

[Microsoft][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax near '-'.

How can I work around this, and get the data from the column assuming that the '-' character is in the table name?

Solution

In SQL-Server you can basically use most of the reserved words and special characters inside []:

select *  from [TBL-Users]
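
The bracket quoting described in this answer, shown from the side of someone writing or reviewing T-SQL; this is an added example, not part of the original answer. The `[pass-hash]` column, the sample row, and the use of `QUOTENAME` for dynamic SQL are assumptions added for illustration.

```sql
-- Constructed sample schema: the table and [user] column names mirror the
-- question; the [pass-hash] column and the row values are made up here.
CREATE TABLE [TBL-Users] ([user] nvarchar(50), [pass-hash] nvarchar(64));
INSERT INTO [TBL-Users] ([user], [pass-hash]) VALUES (N'alice', N'PLACEHOLDER');

-- Unquoted, the parser reads TBL-Users as TBL, a minus sign, then Users:
--   SELECT TOP 1 [user] FROM TBL-Users;   -- Incorrect syntax near '-'.
-- Delimited, it is a single identifier. USER is also a reserved word (a
-- built-in function), so the column needs delimiters to mean the column.
SELECT TOP 1 [user], [pass-hash] FROM [TBL-Users];

-- Double quotes work the same way when QUOTED_IDENTIFIER is ON.
SET QUOTED_IDENTIFIER ON;
SELECT TOP 1 "user" FROM "TBL-Users";

-- A ] inside a name is escaped by doubling it (odd]name is written
-- [odd]]name]). QUOTENAME adds the brackets and applies that escaping.
SELECT QUOTENAME(N'TBL-Users') AS quoted,
       QUOTENAME(N'odd]name')  AS escaped;

-- Dynamic SQL: do not build '[' + @name + ']' by hand, because a ] in the
-- value would end the identifier early. Quote with QUOTENAME and confirm
-- the object exists before executing.
DECLARE @tbl sysname = N'TBL-Users';
DECLARE @sql nvarchar(max);

IF OBJECT_ID(QUOTENAME(@tbl), N'U') IS NULL
BEGIN
    RAISERROR(N'Unknown table.', 16, 1);
    RETURN;
END;

SET @sql = N'SELECT TOP 1 [user] FROM ' + QUOTENAME(@tbl) + N';';
EXEC sys.sp_executesql @sql;
```

Quoting only makes an identifier parse as one name; values supplied by users still belong in parameters passed to `sp_executesql`, not in the concatenated string.
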
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow