Penetration Testing mailing list archives

Help popping a web application


From: Maudite MLRL <maudite.mlrl () gmail com>
Date: Tue, 14 Feb 2006 19:13:11 -0700

Ok,

Working on a Black Box application test and I am looking for a little
input on some things to try to get through this application. This is
against production deployed code but the test is against the test lab
systems so messing up the system is ok. The goal is elevated privilege
and/or data manipulation. What I am up against is a 3 tier web
application.

Rules/scope are application only, no direct service attacks against
the OS/Network/ or server system (IIS 5) itself. So like no metasploit
type garbage. Hand jamming all the way and through the web interface
only.

Background:

Web tier: Web Server is IIS 5.0, on win 2k
Application server Tier: application server is Websphere 6.0 on Win2k
DB tier is MS SQL on win 2k.

All separate boxes. Code base is Java. Authentication is handled by
Active Directory (out of scope). This is an internal app. There are
probably firewalls between me and the primary web server, but my area
is application only anyway. I have a user-level login. The whole
connection scheme is SSL (cookies/presentation/ all of it).

WebInspect offered NO vulnerabilities.

What I have done, both in the html portion of the application and by
catching the info at a Burp Suite Proxy so I could bypass any funky
filtering:

Standard 1=1 and ' type injections at multiple input locations.
Produced no errors just a custom "did not meet criteria message".

Directory traversal – no joy

URL rewrite for bypassing any login type criteria- no joy

Sequential session ID checks to hijack a 1-up system – no joy, they are random

Large input (5000 characters) to see if I could force an error.

Bad option to a field sort request – got a custom error message
stating "call the administrator". No information.

No information in the html code. Column headings do not appear to
match DB tables when other requests are manipulated with html
information.

Cookies and web pages are not cached.

There was other stuff but I am a little drained to remember right now.
I have until Sunday to pop this then my window closes.

Anything can help at this point. I hate to lose.

Maudite.
