PostgreSQL privilege list update

SQL Injection/PostgreSQL Injection.md

@@ -76,9 +76,14 @@ SELECT usename, passwd FROM pg_shadow
 SELECT usename FROM pg_user WHERE usesuper IS TRUE
 ```
 ## PostgreSQL List Privileges
-
+Gather information from the [`pg_user`](https://www.postgresql.org/docs/current/view-pg-user.html) table:
 ```sql
-SELECT usename, usecreatedb, usesuper, usecatupd FROM pg_user
+SELECT * FROM pg_user
+```
+
+Retrieve all table-level privileges for the current user, excluding tables in system schemas like `pg_catalog` and `information_schema`:
+```sql
+SELECT * FROM information_schema.role_table_grants WHERE grantee = current_user AND table_schema NOT IN ('pg_catalog', 'information_schema');
 ```
 
 ## PostgreSQL Check if Current User is Superuser
@@ -277,4 +282,4 @@ SELECT $TAG$This is another string$TAG$
 - [Postgres SQL Injection Cheat Sheet - @pentestmonkey - August 23, 2011](http://pentestmonkey.net/cheat-sheet/sql-injection/postgres-sql-injection-cheat-sheet)
 - [PostgreSQL 9.x Remote Command Execution - dionach - October 26, 2017](https://www.dionach.com/blog/postgresql-9-x-remote-command-execution/)
 - [SQL Injection /webApp/oma_conf ctx parameter - Sergey Bobrov (bobrov) - December 8, 2016](https://hackerone.com/reports/181803)
-- [SQL Injection and Postgres - An Adventure to Eventual RCE - Denis Andzakovic - May 5, 2020](https://pulsesecurity.co.nz/articles/postgres-sqli)
+- [SQL Injection and Postgres - An Adventure to Eventual RCE - Denis Andzakovic - May 5, 2020](https://pulsesecurity.co.nz/articles/postgres-sqli)