All Questions
Tagged with postgresql, sql-injection
19 questions
1 vote | 0 answers | 25 views
Using database_to_xml in SQL Injection on PostgreSQL doesn't show data
We have found SQL injection on a PostgreSQL database. Stacked and UNION payloads. We have created a table to store data as needed and the UNION to extract either from the table or to pull out data ...
0 votes | 1 answer | 1k views
How to do character escaping in PostgreSQL to prevent a SQL injection attack?
I want to prevent SQL injection attacks in a rather abstract application. Therefore I want to escape all user provided input as described here. The other options provided on this page don't fit in my ...
1 vote | 0 answers | 2k views
Bypass SQL injection filtering (whitespace, /, *) [closed]
I want to bypass a SQL injection WAF that replaces /, * and whitespaces. This is a payload I want to use: ?parameter=22321'union select CAST(normal_column AS bigint),'a','b' from normal_table-- But the ...
3 votes | 1 answer | 706 views
Does "row-level security" actually serve a security purpose?
Row-level security is often an industry requirement in secure environments, such as those dealing with payment cards. It's supported by most major relational databases, including PostgreSQL, Microsoft ...
0 votes | 1 answer | 404 views
Escaping out of a select query to run a statement that modifies data in the database
Let's say you use SELECT * FROM ($query) sub where you can swap $query to any query you wish. Is there a way to escape this select and run a command that modifies data in the database?
1 vote | 1 answer | 7k views
Cannot perform SQL injection because of the weird postgresql syntax that is used
I have a website that uses ManageEngine Service Plus and it has a SQL injection vulnerability. The link says that with the help of the following URL we would be able to inject PostgreSQL commands to get ...
2 votes | 0 answers | 146 views
When using parameterized SQL queries, is there still any *security* issue with simply blindly accepting user input variables?
Suppose I have this: parameterized_database_call('SELECT * FROM widgets WHERE id = $1', $_GET['widget_id']); The SQL query is parameterized, as I've done for many years now. (I'm trying to repress ...
1 vote | 1 answer | 1k views
Why does the Intruder number of threads have an effect on the time delay of individual requests
I was solving a SQL injection lab on PortSwigger, and the lab was asking to exploit blind SQL injection by triggering time delays, using that to retrieve the administrator password. I was making 720 ...
0 votes | 1 answer | 2k views
PostgreSQL injection with basic sanitization
I'm trying to figure out if an SQLi for the following PostgreSQL/Java code exists. public void availableItems(String name) { return this.query("SELECT * FROM items WHERE name='"+name+"...
3 votes | 3 answers | 448 views
Is SQL injection still a bad thing if the user is restricted to non-harmful queries?
Suppose I have a very simple PHP application that acts as a front-end for an SQL database. The user enters their query into a box, and the app shows the query results in a table. To prevent a user ...
2 votes | 2 answers | 187 views
How can a restricted window for sql injections be abused?
I have a postgres 11 database with no confidential information in it and in the application an intruder can write queries inside the following update statement. UPDATE table SET col_a = val_b WHERE {...
2 votes | 2 answers | 404 views
Allowing users to input raw SQL in update statement safely
I'm building an application and I have some very, very advanced users who can come up with endless filters they want. They know SQL, so in the end I gave them some of the filters and said in the bottom ...
1 vote | 1 answer | 251 views
What kinds of attacks are possible with credentials to a read-only Postgres user?
Assuming I implement the literal SQL-injection on an HTTP endpoint with a read-only user that limits execution time to e.g. some amount of seconds. What's the worst that could happen? I know simple ...
2 votes | 1 answer | 1k views
SQL injection on PostgreSQL in integer field?
I was trying https://server/shared/sendemail?sendto=" and got this response: Database operation "0or1row" failed (exception ERROR, "ERROR: invalid input syntax for integer:""" LINE 4: where user_id ...
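The question above shows an integer column reached through string concatenation (a stray `"` surfaces as a PostgreSQL cast error). The following is an added example, not code from any of the questions on this page: it shows why an unquoted integer parameter is injectable without any quote character, and the parameterized form that closes the hole. A PostgreSQL server is not available offline, so Python's in-process sqlite3 module stands in for it (an assumption); the sample table, the endpoint name and the function names are all constructed for the demonstration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: three users with integer ids."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_id INTEGER PRIMARY KEY, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [(1, "alice@example.test"), (2, "bob@example.test"), (3, "carol@example.test")],
    )
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, sendto: str) -> list:
    """The bug: the untrusted ?sendto= value is pasted straight into an
    unquoted integer comparison.  No quote is needed to break out,
    because there is no quote to break out of; a bare `0 OR 1=1`
    rewrites the WHERE clause.  A `"` produces a syntax error, which
    is the analogue of the page's "invalid input syntax for integer".
    """
    sql = "SELECT email FROM users WHERE user_id = " + sendto
    return [row[0] for row in conn.execute(sql)]


def parameterized_lookup(conn: sqlite3.Connection, sendto: str) -> list:
    """Hardened form: validate the type in application code, then bind
    the value as a parameter so the driver never lets it be parsed as
    SQL.  sqlite3 uses `?`; PostgreSQL drivers use `$1` or `%s`, but
    the principle is identical."""
    try:
        user_id = int(sendto)
    except ValueError:
        # Reject up front instead of letting the database report the bad cast.
        raise ValueError(f"invalid input syntax for integer: {sendto!r}")
    sql = "SELECT email FROM users WHERE user_id = ?"
    return [row[0] for row in conn.execute(sql, (user_id,))]


if __name__ == "__main__":
    db = make_db()
    print(vulnerable_lookup(db, "2"))          # one row
    print(vulnerable_lookup(db, "0 OR 1=1"))   # every row: the injection
    print(parameterized_lookup(db, "2"))       # one row
    try:
        parameterized_lookup(db, "0 OR 1=1")
    except ValueError as exc:
        print("rejected:", exc)
```

The check that matters for an integer field is not quote escaping at all: escaping `'` does nothing here because the value is never inside a string literal. Either the driver binds the parameter, or the application converts it to an integer before the query is built; doing both is cheap.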
71 votes | 3 answers | 14k views
Is this a SQL injection attack or is it some sort of bug?
I was looking through some data in our database when I came across a bunch of weird user_id entries: user_id -1080) ORDER BY 1# -1149 UNION ALL SELECT 79,79,79,79,79,79,79,79,79# -1359' UNION ALL ...
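The `user_id` values quoted in the question above (`-1080) ORDER BY 1#`, `-1149 UNION ALL SELECT 79,79,...#`) are the shape an automated scanner produces while counting columns for a UNION-based injection: a negative id to empty the original result set, `ORDER BY n` to find the column count, then `UNION ALL SELECT` with a repeated marker value, and a `#` comment to discard the rest of the query. The following is an added example, not code from the question or its answers: a small triage function that flags such values in stored data or logs. The two complete values from the question are used as input; the other sample values are constructed for the demonstration, and the pattern names are my own.

```python
import re

# Sample values to triage.  The two marked "from page" are the complete
# entries quoted in the question; the rest are constructed stand-ins.
SAMPLE_USER_IDS = [
    "1080",                                              # constructed, benign
    "-1080) ORDER BY 1#",                                # from page
    "-1149 UNION ALL SELECT 79,79,79,79,79,79,79,79,79#",  # from page
    "-1359' UNION ALL SELECT NULL,NULL,NULL#",           # constructed, quote-context variant
    "42 OR 1=1",                                         # constructed, tautology
    "-7",                                                # constructed, benign negative number
]

# Each pattern names one building block of a probe.  Order matters only for
# the order of names in the classification result.
PATTERNS = [
    ("union_select",     re.compile(r"\bUNION\s+(ALL\s+)?SELECT\b", re.I)),
    ("order_by_probe",   re.compile(r"\bORDER\s+BY\s+\d+", re.I)),
    ("tautology",        re.compile(r"\b(OR|AND)\s+\d+\s*=\s*\d+", re.I)),
    ("trailing_comment", re.compile(r"(#|--|/\*)\s*$")),
    # a number followed by ) ' or " is the attacker closing the original
    # expression or string literal before appending their own SQL
    ("context_break",    re.compile(r"^-?\d+\s*[)'\"]")),
]


def classify(value: str) -> list:
    """Return the names of every probe pattern found in the value."""
    return [name for name, rx in PATTERNS if rx.search(value)]


def is_injection_probe(value: str) -> bool:
    """True if at least one pattern matched."""
    return bool(classify(value))


def triage(values) -> dict:
    """Map each suspicious value to the patterns that flagged it."""
    return {v: classify(v) for v in values if is_injection_probe(v)}


if __name__ == "__main__":
    for value, hits in triage(SAMPLE_USER_IDS).items():
        print(f"{value!r}: {', '.join(hits)}")
```

A match on `union_select` plus `order_by_probe` across several rows from the same source is a strong signal of a scanner rather than a typing accident. Note what the stored values do and do not tell you: the fact that they sit in the table as literal strings means the write path treated them as data, but it says nothing about other queries that read `user_id` back and concatenate it; those are where the same strings would execute.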