No Database No Table, how do you do MSSQL Injection?
One day, while reviewing the code of an ASP.NET website, I came across a special case of SQL Injection with Microsoft SQL Server, basically the form of SQL Injection is like this: string sql = string.Format( "SELECT ReportsDB..{0}.* " + "FROM ReportsDB..{0} " + "WHERE ReportsDB..{0}.Id = 1 " , Request["table"…