sql stored-procedures sql-injection xp-cmdshell

How to combine stored procedure and select query result?

I am trying to combine the results of xp_cmdshell with a select query. I have tried union & read about creating a temp table, but as my result will be having only 1 column. To be more precise i need a smaller query to combine the results of xp_cmdshell with select query as am trying to use it in union based sql injection

For example:

Select name from employee
union
exec xp_cmdshell 'whoami'

I know this wont work but somewhat similar would be great :)

Solution

Create a temp table and do insert into #temp EXEC.. or use OPENROESET. Refer this http://beyondrelational.com/modules/2/blogs/70/posts/10812/select-columns-from-exec-procedurename-is-this-possible.aspx

Math.Sin() gives incorrect value
How to run my python script when the sunOS is start booting
Express-session: not resetting cookie expiration on each request
Getting a stack overflow exception when normalizing a vector
Edit default summary function in R gives error for multiple variables
What was a For loop? Why isn't it needed in R?
How to use download button in shiny and save results in various formats (csv, texte, pdf, spss...)?
Why are there two assignment operators, `<-` and `->` in R?
lm()$assign: what is it?
How to get the value of list(...) in R and S functions
Design matrix for MLM from library(lme4) with fixed and random effects
how to generate elements not included in my sample
Create a matrix with gradually changing values without a for loop
Emacs ESS and S-plus ( S+ ) 8.1 compatability
How to lag date-index in a time-series in R?
Nonlinear regression in R / S
Calling R from S-Plus?