RE: Pen-testing AS400 DB2 LANSA

["Eoin Keary" <eoinkeary () hotmail com>]

Thanks Amichai,
Regular tests such as "O'Brien" or "  ' Or 1=1 -- ' do not work. So I was 
wondering if there are any other vectors one could try specific to DB2 & 
AS400


> From: "Amichai Shulman" <shulman () imperva com>
> To: <pen-test () securityfocus com>
> CC: <eoin.keary () owasp org>
> Subject: RE: Pen-testing AS400 DB2 LANSA
> Date: Wed, 22 Jun 2005 09:32:31 +0200
>
> We did a pen-test on a web application a while ago that used DB2 on
> AS400 as backend database. Found SQL injection to work much like with
> any other database. Interesting thing though was that we invoked a
> denial-of-service attack against the AS400 by injecting a computation
> intensive query.
>
> Amichai Shulman
> CTO
>
>
>
>
> Imperva, Inc.
> 12 Hachilazon St.
> Ramat Gan
>
>
> (972)-3-6120133 x103 Office
> (972)-3-7511133 Fax
> (972)-50-6544451 Mobile
> shulman () imperva com
>
>
> -----Original Message-----
> From: eoin.keary () owasp org [mailto:eoin.keary () owasp org]
> Sent: Wednesday, June 15, 2005 3:34 PM
> To: pen-test () securityfocus com
> Subject: Pen-testing AS400 DB2 LANSA
>
>
> Hi,
> anyone have any knowledge on SQL injection for a AS400 running DB2?
>
> Eoin

_________________________________________________________________
Go where quality Irish singles meet - get FREE Match.com membership! 
http://match.msn.ie