From: Frederic Charpentier (fcharpen@xmcopartners.com)
Date: Fri Jan 07 2005 - 09:38:07 EST
Hi list !
I'm wondering if someone have experiences to share about SQL Injection
specificaly with DB2 and ASP.
the sql flaws found :
Microsoft OLE DB Provider for ODBC Drivers error '80004005'
[IBM][CLI Driver][DB2/NT]
I've already test common Sql tricks, like "having or group by" to
obtains infos.
The problem here is that the underneath SQL command is a SELECT which
returns a blob field ( a binary file).
So, my question is : is there specific DB2 commands (like xpcmdshell
with MSSQL) to perform stuffs like that : script.asp?p=3';
db2.specific.cmd ; .....
Thanks in advance.
-- _______________________________________ Frederic Charpentier - Xmco Partners Security Consulting / Pentest web : http://www.xmcopartners.com
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:12 EDT