GitBook: [#3646] No subject

pentesting-web/sql-injection/postgresql-injection/rce-with-postgresql-languages.md

@@ -25,8 +25,9 @@ SELECT lanname,lanpltrusted,lanacl FROM pg_language;
 Most of the scripting languages you can install in PostgreSQL have **2 falvours**: the **trusted** and the **untrusted**. The **untrusted** will have a name **ended in "u"** and will be the version that will allow you to **execute code** and use other interesting functions. This are languages that if installed are interesting:
 
 * **plpythonu**
-* **perlu**
-* **javaU**
+* **plpython3u**
+* **plperlu**
+* **pljavaU**
 * **plrubyu**
 * ... (any other programing language using an insecure version)
 
@@ -34,13 +35,13 @@ Most of the scripting languages you can install in PostgreSQL have **2 falvours*
 Note that it's posisble to compile the secure versions as "unsecure". Check [**this**](https://www.robbyonrails.com/articles/2005/08/22/installing-untrusted-pl-ruby-for-postgresql.html) for example. So it's always worth trying if you can execute code even if you only find installed the **trusted** one.
 {% endhint %}
 
-If you find that an interesting language is **installed** but **untrusted** by PostgreSQL (`lanpltrusted` is `false`) you can try to **enable it** with:
+If you find that an interesting language is **installed** but **untrusted** by PostgreSQL (`lanpltrusted` is `false`) you can try to **trust it** with the following line so no restrictins will be applied by PostgreSQL:
 
 ```sql
-UPDATE pg_language SET lanpltrusted=true WHERE lanname='c';
+UPDATE pg_language SET lanpltrusted=true WHERE lanname='plpythonu';
 ```
 
-## plpythonu
+## plpythonu/plpython3u
 
 {% tabs %}
 {% tab title="RCE" %}