Network Security Pen-Test

DB2 - SQL Injection

Subject: DB2 - SQL Injection
Date: Mon, 21 Feb 2005 19:17:45 +0000
I have already posted this a few days ago, but this time I have gathered more information and I think this would be a bit less fuzzy than the previous one:

I'm pen-testing a web app with a DB2 database.

I have found it is vulnerable to SQL Injection, but I'm having some problems in performing a UNION query to get data from other tables.

I suppose the original query is like this: SELECT Cod,Desc FROM TB1 WHERE Desc='
(if I append: ' OR 1=1-- I get all rows returned)
so I have appended this string: ' UNION ALL SELECT 'A', 'A' FROM SYSTABLES --


Table TB1 has the following structure:

. Cod (char)
. Desc (char)
. FH (timestmp)
. Upd (char)

so...selecting 'A','A' should match column types....

anyway I'm still getting "UNION operands are not compatible"

any ideas?

Thanks in advance, Andy
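
Defender-side view of the query described in the post, as an added example that is not part of the original message: the concatenated query next to a parameterized one, fed the two strings quoted above. SQLite stands in for DB2 so it runs offline, and the sample rows and function names are constructed for illustration.

```python
import sqlite3

# The two input strings quoted in the post.
PAYLOADS = ["' OR 1=1--", "' UNION ALL SELECT 'A', 'A' FROM SYSTABLES --"]

def make_db():
    """Constructed stand-in for TB1 (assumption: SQLite instead of DB2)."""
    conn = sqlite3.connect(":memory:")
    # "Desc" is quoted because DESC is an SQL keyword.
    conn.execute('CREATE TABLE TB1 (Cod TEXT, "Desc" TEXT, FH TEXT, Upd TEXT)')
    conn.executemany(
        "INSERT INTO TB1 VALUES (?, ?, ?, ?)",
        [
            ("001", "alpha", "2005-02-01 10:00:00", "N"),
            ("002", "beta", "2005-02-02 11:00:00", "N"),
            ("003", "gamma", "2005-02-03 12:00:00", "Y"),
            # A row whose description is literally the first payload string.
            ("004", PAYLOADS[0], "2005-02-04 13:00:00", "N"),
        ],
    )
    return conn

def search_vulnerable(conn, desc):
    # String concatenation: the input becomes part of the SQL text, so a
    # quote in it ends the literal and the rest is parsed as SQL.
    sql = 'SELECT Cod, "Desc" FROM TB1 WHERE "Desc"=\'' + desc + "'"
    return conn.execute(sql).fetchall()

def search_parameterized(conn, desc):
    # Bound parameter: the statement text is fixed and the input is only
    # ever compared as a value, whatever characters it contains.
    sql = 'SELECT Cod, "Desc" FROM TB1 WHERE "Desc" = ?'
    return conn.execute(sql, (desc,)).fetchall()

def compare():
    """Row counts for the concatenated and the parameterized query."""
    conn = make_db()
    return {
        "vulnerable_or_1_1": len(search_vulnerable(conn, PAYLOADS[0])),
        "parameterized": [len(search_parameterized(conn, p)) for p in PAYLOADS],
    }

if __name__ == "__main__":
    print(compare())
```

With the bound parameter, the first string matches only the row that stores it verbatim and the UNION string matches nothing, because neither is ever parsed as SQL.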
