From a9bae33a088fc7ab8892a08a1b02f5054736b71b Mon Sep 17 00:00:00 2001 From: Travis Manning Date: Thu, 14 May 2020 08:59:56 -0400 Subject: [PATCH 1/2] Added tSQL-specific injection string Leverages built in sproc to drop all tables, instead of guessing a table name; --- blns.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/blns.txt b/blns.txt index 09ad568..280a977 100644 --- a/blns.txt +++ b/blns.txt @@ -586,6 +586,7 @@ http://a/%%30%30 1'; DROP TABLE users-- 1 ' OR 1=1 -- 1 ' OR '1'='1 +'; EXEC sp_MSForEachTable 'DROP TABLE ?'; -- % _ @@ -729,4 +730,4 @@ Powerلُلُصّبُلُلصّبُررً ॣ ॣh ॣ ॣ冗 # # This is a four characters string which includes Persian special characters (گچپژ) -گچپژ \ No newline at end of file +گچپژ From 494b425a846f97404c14295d0f9a2aa17a4ba3a2 Mon Sep 17 00:00:00 2001 From: Travis Manning Date: Thu, 14 May 2020 09:08:00 -0400 Subject: [PATCH 2/2] Update blns.json Added same string to JSON file; --- blns.json | 1 + 1 file changed, 1 insertion(+) diff --git a/blns.json b/blns.json index 167df4b..75d5973 100644 --- a/blns.json +++ b/blns.json @@ -431,6 +431,7 @@ "1'; DROP TABLE users-- 1", "' OR 1=1 -- 1", "' OR '1'='1", + "'; EXEC sp_MSForEachTable 'DROP TABLE ?'; --", " ", "%", "_",
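Review bot: The added line `'; EXEC sp_MSForEachTable 'DROP TABLE ?'; --` in the first blns.txt hunk carries no comment, although its effect differs from its neighbours. `1'; DROP TABLE users-- 1` fails harmlessly when no `users` table exists, whereas this entry, per the commit message, is T-SQL-specific and targets every table. A team replaying the list against a shared or staging SQL Server database through an account with DDL rights would lose the whole schema if the tested input path turns out to be injectable. I would add a `#` comment line directly above it, in the file's existing comment style, for example `# T-SQL only; drops every table if injectable - run against a disposable database with a login that has no DDL rights`. The section header lies outside the hunk, so I cannot tell whether it already carries such a caveat.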
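Review bot: The blns.json hunk repeats the blns.txt entry by hand in a separate commit, which lets the two files drift apart over time. If the repository builds blns.json from blns.txt with a generator (none is visible in this patch), regenerating the file would be safer than editing both. It would also confirm that the entry sits at the position and with the escaping the generator produces. The hand-written line `"'; EXEC sp_MSForEachTable 'DROP TABLE ?'; --",` needs no JSON escaping, so it is at least syntactically sound.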