PostgreSQL CREATE LANGUAGE Execution

Posted by deepcore on April 9, 2016 – 10:17 am

Some installations of Postgres 8 and 9 are configured to allow loading external scripting languages. Most commonly this is Perl and Python. When enabled, command execution is possible on the host. To execute system commands, loading the “untrusted” version of the language is necessary. This requires a superuser. This is usually postgres. The execution should be platform-agnostic, and has been tested on OS X, Windows, and Linux. This Metasploit module attempts to load Perl or Python to execute system commands. As this dynamically loads a scripting language to execute commands, it is not necessary to drop a file on the filesystem. Only Postgres 8 and up are supported.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« http://md-nakhonphanom.go.th/x.txt WordPress Multiple Meta Box 1.0 SQL Injection »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

PostgreSQL CREATE LANGUAGE Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL