mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-12 06:12:47 +00:00
Merge pull request #755 from n3rada/patch-1
PostgreSQL privilege list update
commit
ffa5ea764a
1 changed files with 8 additions and 3 deletions
|
@ -76,9 +76,14 @@ SELECT usename, passwd FROM pg_shadow
|
|||
SELECT usename FROM pg_user WHERE usesuper IS TRUE
|
||||
```
|
||||
## PostgreSQL List Privileges
|
||||
|
||||
Gather information from the [`pg_user`](https://www.postgresql.org/docs/current/view-pg-user.html) table:
|
||||
```sql
|
||||
SELECT usename, usecreatedb, usesuper, usecatupd FROM pg_user
|
||||
SELECT * FROM pg_user
|
||||
```
|
||||
|
||||
Retrieve all table-level privileges for the current user, excluding tables in system schemas like `pg_catalog` and `information_schema`:
|
||||
```sql
|
||||
SELECT * FROM information_schema.role_table_grants WHERE grantee = current_user AND table_schema NOT IN ('pg_catalog', 'information_schema');
|
||||
```
|
||||
|
||||
## PostgreSQL Check if Current User is Superuser
|
||||
|
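Review bot: In the "PostgreSQL List Privileges" section, the filter `grantee = current_user` on `information_schema.role_table_grants` returns only grants made directly to the current role, so "Retrieve all table-level privileges for the current user" overstates the result. Privileges held through membership in another role or through PUBLIC are not returned; suggest wording it as "privileges granted directly to the current user". Smaller points in the same section: the intro sentence calls `pg_user` a table while its own link points to the view documentation, the two `pg_user` statements lack the trailing semicolon that the `role_table_grants` statement carries, and `usecatupd` no longer exists in `pg_user` from PostgreSQL 9.5 onward, so that statement needs a version note if it stays.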
@ -277,4 +282,4 @@ SELECT $TAG$This is another string$TAG$
|
|||
- [Postgres SQL Injection Cheat Sheet - @pentestmonkey - August 23, 2011](http://pentestmonkey.net/cheat-sheet/sql-injection/postgres-sql-injection-cheat-sheet)
|
||||
- [PostgreSQL 9.x Remote Command Execution - dionach - October 26, 2017](https://www.dionach.com/blog/postgresql-9-x-remote-command-execution/)
|
||||
- [SQL Injection /webApp/oma_conf ctx parameter - Sergey Bobrov (bobrov) - December 8, 2016](https://hackerone.com/reports/181803)
|
||||
- [SQL Injection and Postgres - An Adventure to Eventual RCE - Denis Andzakovic - May 5, 2020](https://pulsesecurity.co.nz/articles/postgres-sqli)
|
||||
- [SQL Injection and Postgres - An Adventure to Eventual RCE - Denis Andzakovic - May 5, 2020](https://pulsesecurity.co.nz/articles/postgres-sqli)
|
||||
|
|
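Review bot: The last reference, "SQL Injection and Postgres - An Adventure to Eventual RCE - Denis Andzakovic - May 5, 2020", appears twice in this hunk with identical text. If this is a removed/added pair, the only difference is whitespace or the end-of-file newline, which is unrelated to the privilege list update and should either be dropped from the PR or mentioned in the description. If both lines end up in the file, remove the duplicate entry.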