POC详情: 01016ed30d65f44bf5091b663879321a65085013

来源
https://github.com/AxthonyV/CVE-2019-9193
关联漏洞
标题: PostgreSQL 操作系统命令注入漏洞 (CVE-2019-9193)
描述:PostgreSQL是PostgreSQL组织的一套自由的对象关系型数据库管理系统。该系统支持大部分SQL标准并且提供了许多其他特性,例如外键、触发器、视图等。 PostgreSQL 9.3至11.2版本中的导入导出数据命令‘COPY TO/FROM PROGRAM’存在操作系统命令注入漏洞。攻击者可利用该漏洞获取数据库超级用户权限,从而执行任意系统命令。
描述
PoC tool designed to exploit an authenticated Remote Code Execution (RCE) vulnerability in certain versions of PostgreSQL (9.3 - 11.7)
介绍
# EN
**GenPostgresRCEExploit** is a PoC tool designed to exploit an authenticated Remote Code Execution (RCE) vulnerability in certain versions of PostgreSQL (9.3 - 11.7). It allows authenticated users to execute system commands on a PostgreSQL database server vulnerable to CVE-2019-9193.

## Features
- **Exploitation of RCE**: Executes system commands through an authenticated PostgreSQL session.
- **Version Check**: Checks the version of the target PostgreSQL server to confirm the presence of a vulnerability.
- **Command Execution**: Allows user commands to be executed on the server if it is vulnerable.
- **Automatic Table Management**: Creates and deletes a temporary table to execute commands without manual intervention.

## Requirements
- Python 3.x
- PostgreSQL client library (package `psycopg2`)

## Installation
1. Clone the repository:
    ``bash
    git clone https://github.com/AxthonyV/CVE-2019-9193
    cd CVE-2019-9193
    ```
2. Install the required packages:
    ```bash
    pip install -r requirements.txt
    ```

## Usage
```bash
python3 GenPostgresRCEExploit.py -i <target_ip> -p <port> -d <database_name> -U <username> -P <password> -c “<system_command>”
```

### Options
- `-i`, `--ip`: IP address of the PostgreSQL server (Default: 127.0.0.1)
- `-p`, `--port`: PostgreSQL server port (Default: 5432)
- `-d`, `--database`: PostgreSQL database name (Default: template1)
- `-U`, `--user`: Username to connect to the PostgreSQL server (Default: postgres)
- `-P`, `--password`: Password to connect to PostgreSQL server (Default: postgres)
- `-c`, `---command`: System command to be executed on the server
- `-t`, `--timeout`: Connection timeout in seconds (Default: 10)

## Example
``bash
python3 GenPostgresRCEExploit.py -i 192.168.1.10 -p 5432 -d mydb -U myuser -P mypass -c “whoami”
```
This example connects to the PostgreSQL server at `192.168.1.10`, authenticates with the provided credentials, and executes the `whoami` command.

## Example output
```
$ python3 GenPostgresRCEExploit.py -i 192.168.1.10 -p 5432 -d testdb -U postgres -P mypassword -c “whoami”

[+] Connection to PostgreSQL database at 192.168.1.10:5432
[+] Connection successfully established
[+] PostgreSQL version check
[+] Vulnerable PostgreSQL version detected: 10.4
[+] Temporary table creation: temp_3f8b8f9e2c9c11d7bd8f7c61d4e9eaf2
[+] Command successfully executed

postgres
```

## Disclaimer
This tool is intended for educational purposes and ethical testing only. Unauthorized use of this tool against any systems is illegal and strictly prohibited. The authors do not take responsibility for any misuse.

# RU
**GenPostgresRCEExploit** is a PoC exploit designed to exploit remote code execution (RCE) vulnerability in certain versions of PostgreSQL (9.3 - 11.7). The program allows authenticated users to execute system commands on a PostgreSQL server vulnerable to CVE-2019-9193.

## Features
- **Exploit RCE**: Execute system commands over an authenticated connection to PostgreSQL.
- **Version Check**: Checks the version of the target PostgreSQL server for vulnerabilities.
- **Command Execution**: Allows arbitrary commands to be executed on the server in the presence of a vulnerability.
- **Table Management**: Automatically creates and deletes a temporary table for command execution.

## Requirements
- Python 3.x
- PostgreSQL client library (`psycopg2` package)

## Installation
1. Clone the repository:
    ```bash
    git clone https://github.com/geniuszly/CVE-2019-9193
    cd CVE-2019-9193
    ```
2. Install the required packages:
    ````bash
    pip install -r requirements.txt
    ```

## Usage
````bash
python3 GenPostgresRCEExploit.py -i <IP address> -p <port> -d <database_name> -U <user> -P <password> -c “<system_command>”
```

### Options
- `-i`, `--ip`: IP address of PostgreSQL server (Default: 127.0.0.1)
- `-p`, `--port`: PostgreSQL server port (Default: 5432)
- `-d`, `--database`: PostgreSQL database name (Default: template1)
- `-U`, `--user`: Username to connect to the PostgreSQL server (Default: postgres)
- `-P`, `--password`: Password to connect to PostgreSQL server (Default: postgres)
- `-c`, `--command`: System command to execute on the server
- `-t`, `--timeout`: Connection timeout in seconds (Default: 10)

## Example
```bash
python3 GenPostgresRCEExploit.py -i 192.168.1.10 -p 5432 -d mydb -U myuser -P mypass -c “whoami”
```
In this example, the program connects to the PostgreSQL server at `192.168.1.10`, authenticates with the specified credentials, and executes the `whoami` command.

## Example output
```
$ python3 GenPostgresRCEExploit.py -i 192.168.1.10 -p 5432 -d testdb -U postgres -P mypassword -c “whoami”

[+] Connection to PostgreSQL database at 192.168.1.10:5432
[+] Connection successfully established
[+] PostgreSQL version check
[+] Vulnerable PostgreSQL version detected: 10.4
[+] Temporary table creation: temp_3f8b8f9e2c9c11d7bd8f7c61d4e9eaf2
[+] Command successfully executed

postgres
```

## Disclaimer
This tool is for educational purposes and legal testing only. Unauthorized use of this tool against any systems is illegal and strictly prohibited. The authors are not responsible for any misuse.
文件快照

 [4.0K]  /data/pocs/01016ed30d65f44bf5091b663879321a65085013
├── [4.4K]  GenPostgresRCEExploit.py
├── [1.0K]  LICENSE
├── [5.2K]  README.md
└── [  15]  requirements.txt

0 directories, 4 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。