Whitepaper that discusses error-based SQL injection in “Order By” clause in MSSQL.
You can download it from the following link: https://packetstormsecurity.com/files/download/146889/errorbased-sql.pdf
Source: https://packetstormsecurity.com/files/146889/MSSQL-Error-Based-SQL-Injection.html