WebApp Sec mailing list archives

Clarification on DB2 SQL injection


From: fr0stman <fr0stman () sun-tzu-security net>
Date: 25 Aug 2003 11:48:14 -0400

In my original post I wasn't too detailed in what I was asking. Thanks
to all that replied though ;).

I'm working in a test environment using DB2 as the back end to a
vulnerable web application. In DB2 multiple statements aren't allowed,
etc and I'm trying to figure out how to mine data from the tables.
Here's the scenario:

tablename = applogin

columns = name, password, SSN, comments

Original SQL statement = select * from applogin where name = 'name' and
password = 'password';


I can enumerate all columns with:

username = ' group by 1; # or ' having 1=1-- type of stuff causing the
errors.

What I'm trying to do is enumerate the data contained within those
columns. The convert() type errors, etc don't work on DB2. I'm also in
the middle of testing things like "concat(name||"-"||password) as
comment" type stuff but not getting very far with it.


Any ideas? Sorry I wasn't more specific in my original post as to what I
was looking for.

-- 


-- fr0stman --

Victorious warriors win first and then go to war, while defeated
warriors go to war first and then seek to win.

Sun-tzu, The Art of War. Strategic Assessments
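
Added example, not part of the original post: the login query from the scenario above written with placeholders and with database errors kept server-side, so the inputs quoted in the post are compared as plain strings and no error text reaches the client. Python's sqlite3 stands in for DB2 here; the function names, messages and sample row are constructed for illustration.

```python
import logging
import sqlite3

log = logging.getLogger("applogin")
GENERIC_FAILURE = "Login failed."  # the only failure text a client ever sees


def build_concatenated(name, password):
    """The vulnerable pattern: input is pasted into the statement text."""
    return ("select * from applogin where name = '" + name +
            "' and password = '" + password + "'")


def login(conn, name, password):
    """Hardened form: placeholders keep input as data; errors stay server-side."""
    try:
        row = conn.execute(
            "select name from applogin where name = ? and password = ?",
            (name, password),
        ).fetchone()
    except sqlite3.Error:
        # Log the detail for operators; never echo table or column names.
        log.exception("applogin lookup failed")
        return False, GENERIC_FAILURE
    return (True, "Welcome.") if row else (False, GENERIC_FAILURE)


def make_db():
    """Constructed sample data using the table layout from the post."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table applogin (name, password, SSN, comments)")
    conn.execute("insert into applogin values "
                 "('alice', 's3cret', '000-00-0000', 'constructed row')")
    return conn


if __name__ == "__main__":
    conn = make_db()
    for probe in ("' having 1=1--", "' group by 1; #"):
        # Concatenation turns the input into SQL syntax ...
        print(build_concatenated(probe, "x"))
        # ... while the bound parameter is only ever a string to compare.
        print(login(conn, probe, "x"))
    print(login(conn, "alice", "s3cret"))
    # A failing query (no such table) still yields only the generic message.
    print(login(sqlite3.connect(":memory:"), "alice", "s3cret"))
```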

