postgressql

Updated Postgres SQL Injection Cheat Sheet

I just read Nico Leidecker’s Having Fun With Postgres paper. He mostly talks about the dblink function which is sometimes enabled in Postgres – it’s a bit like MSSQL’s openrowset. There’s also some good generic advice on what to do when you get DBA access – like executing OS-level commands. I’ve updated the cheat […]