Well I've looked all over the net for this solution and I could not find the answer so after much trial an error I was able to build my own solution. Lets say you need to query one row at a time from DB2 and you cannot use cursors and specifically you need to query sysibm.systables. I came up with this solution and there may be a more elegant way but this worked.
select * from (
select * from systables order by name asc fetch first 1 rows only
) as G order by name desc fetch first 1 rows onlyselect * from (
select * from systables order by name asc fetch first 2 rows only
) as G order by name desc fetch first 1 rows onlyselect * from (
select * from systables order by name asc fetch first 3 rows only
) as G order by name desc fetch first 1 rows only...
...
select * from (
select * from systables order by name asc fetch first 1000 rows only
) as G order by name desc fetch first 1 rows only
I put the below query into a vulnerable parameter sent to a website and used burp intruder to iterate through each row by incrementing N.
select * from (
select * from systables order by name asc fetch first N rows only
) as G order by name desc fetch first 1 rows only
The query works by first requesting N number of rows with the data ordered ascending and thus putting the Nth row on the bottom of the Result Set. Next query the Result Set ordered desc so that the Nth row is now at the top of the Result Set and fetch the first row. The Result Set will then return the Nth row you need without having to define cursors.
Posts
No comments:
Post a Comment