Update to Postgres SQL Injection Cheat Sheet

Reiners spotted that I hadn’t included any info about writing files via SLQ injection in PostgreSQL.  I’ve update the Postgres Cheat Sheet accordingly.  Thanks Reiners. He’s also written some detailed blogs about SQL injection in MySQL that are worth reading: MySQL Table and Column Names MySQL Into Outfile  

Importing OSVDB into a Postgres Database

I was looking at the Open Source Vulnerbility Database (OSVDB) recently.  If you haven’t come across it before, it’s a source vulnerability information, similar to bugtraq or secunia. OSVDB has a good web frontend which is easy to search.  I was investigating if the database could be downloaded and searched offline during onsite pentests when […]

Updated Postgres SQL Injection Cheat Sheet

I just put some finishing touches to the PostgreSQL Injection Cheat Sheet .  All the TODO items have been removed now.  Let me know if you have any extra info you think should be included on the cheat sheet.

Postgres SQL Injection Cheat Sheet

Some useful syntax reminders for SQL Injection into PostgreSQL databases…

Cracking Postgres Password Hashes with MDCrack

As far as I’m aware there are aren’t many good password crackers around for PostgreSQL database password hashes.  Here are a few notes on how to crack postgres password hashes quickly using MDCrack.  Even though MDCrack is a Windows program, it works well enough under WINE for our purposes.  Linux users can therefore benefit from […]