Updated Postgres SQL Injection Cheat Sheet
I just read Nico Leidecker’s Having Fun With Postgres paper. He mostly talks about the dblink function which is sometimes enabled in Postgres – it’s a bit like MSSQL’s openrowset. There’s also some good generic advice on what to do when you get DBA access – like executing OS-level commands. I’ve updated the cheat sheet. Good work Nico!