PostgreSQL Large Objects and UDF (User Defined Functions) RCE exploit re-written in javascript, for easy chaining with XSS
3
+
4
+
## Methdology
5
+
```
6
+
Step 1: Create a DLL file that will contain our malicious code
7
+
Step 2: Inject a query that creates a large object from an arbitrary remote file on disk
8
+
Step 3: Inject a query that updates page 0 of the newly created large object with the first 2KB of our DLL
9
+
Step 4: Inject queries that insert additional pages into the pg_largeobject table to contain the remainder of our DLL
10
+
Step 5: Inject a query that exports our large object (DLL) onto the remote server file system
11
+
Step 6: Inject a query that creates a PostgreSQL User Defined Function (UDF) based on our exported DLL
12
+
Step 7: Inject a query that executes our newly created UDF
13
+
```
14
+
15
+
## Requirements <br>
16
+
1.**jQuery:** If the target page does not have jQuery included, you can add it from exploit script like [this](https://stackoverflow.com/questions/1140402/how-to-add-jquery-in-js-file/36343307)
17
+
2.**Linux/Windows/MAC OSX:** To generate postgres extension
18
+
19
+
## Setup
20
+
Follow this article to generate a database extension for the target machine <br>
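Review bot: The Setup section at new line 20 says "Follow this article" but no link is attached, so a reader has no way to reach the instructions for generating the extension; add the URL or inline the build steps. Other documentation points in the same hunk: the heading at line 4 is misspelled ("Methdology" should be "Methodology"); the Requirements items at lines 16 and 17 are written as "1.**jQuery:**" and "2.**Linux/Windows/MAC OSX:**" with no space after the number, so Markdown will render them as one paragraph instead of an ordered list; the trailing "<br>" on the heading at line 15 and on line 20 serves no purpose; and "MAC OSX" should read "macOS". The seven steps at lines 6 to 12 sit inside a code fence, where a numbered list would render better and wrap on narrow screens. The Requirements list also covers only the client side (jQuery and a build host) and says nothing about what the steps assume on the database side, which is worth a line.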