WebApp Sec mailing list archives
Clarlification on DB2 sql injection
From: fr0stman <fr0stman () sun-tzu-security net>
Date: 25 Aug 2003 11:48:14 -0400
In my original post I wasn't too detailed in what I was asking. Thanks to all that replied though ;). I'm working in a test environment using DB2 as the back end to a vulnerable web application.In DB2 multiple statements aren't allowed, etc and I'm trying to figure out how to mine data from the tables. Here's the scenario: tablename = applogin columns = name, password, SSN, comments Original SQL statement = select * from applogin where name = 'name' and password = 'password'; I can enumerate all columns with: username = ' group by 1; # or ' having 1=1-- type of stuff causing the errors. What I'm trying to do is enumerate the data contained within those columns. The convert() type errors, etc don't work on DB2. I'm also in the middle of testing things like "concat(name||"-"||password) as comment" type stuff but not getting very far with it. Any ideas? Sorry I wasn't more specific in my original post as to what I was looking for. -- -- fr0stman -- Victorious warriors win first and then go to war, while defeated warriors go to war first and then seek to win. Sun-tzu, The Art of War. Strategic Assessments
Current thread:
- Clarlification on DB2 sql injection fr0stman (Aug 25)