Testing for SQL Server

Short Description of the Issue (Topic and Explanation)
[SQL injection vulnerabilities] occur whenever input is used in the construction of an SQL query without being adequately constrained or sanitized. The use of dynamic SQL (the construction of SQL queries by concatenation of strings) opens the door to these vulnerabilities. SQL injection allows an attacker to access the SQL servers. It allows for the execution of SQL code under the privileges of the user used to connect to the database.

The Microsoft SQL server has a few particularities so that some exploits need to be specially customized for this application. That's the subject of this section.

Black Box testing and example
Testing for Topic X vulnerabilities: ... Result Expected: ...

Gray Box testing and example
Testing for Topic X vulnerabilities: ... Result Expected: ...