# CVE-2025-1094 Exploit: SQL Injection to RCE via WebSocket in PostgreSQL
- This content is for educational purposes only. Use for reference only and do not contact the police.
## Vulnerability Details
- **CVE ID**: CVE-2025-1094
- **Vulnerable System**: PostgreSQL (misconfigured functions)
- **Exploit Path**: SQL Injection → WebSocket Hijacking → Remote Code Execution (RCE)
## How It Works
1. **SQL Injection (SQLi)**: The attack begins with injecting malicious SQL commands into a vulnerable PostgreSQL endpoint. The payload uses `lo_export` to read sensitive files from the server.
2. **WebSocket Hijacking**: The attacker hijacks an open WebSocket connection and sends a payload to execute the RCE. This triggers a reverse shell connection back to the attacker’s system.
3. **Remote Code Execution (RCE)**: The reverse shell provides the attacker full control over the server, allowing further exploitation.
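The first step of the chain above relies on the server-side `lo_export` function, which writes a large object to a file on the database host. From a defender's point of view, calls to that family of filesystem-touching functions are rare in normal application traffic and are worth flagging. The following Python script is an added example, not part of this repository: it parses PostgreSQL server log lines (as written with `log_statement = 'all'`) and reports every statement that invokes `lo_export`, `lo_import`, `pg_read_file`, or `COPY ... TO/FROM '<file>'`, together with the database user that issued it. The log lines it scans are constructed for illustration; the log format, the role names and the alert severities are assumptions.

```python
import re
from typing import Dict, List, Optional

# Constructed sample of PostgreSQL server log lines (log_statement = 'all').
# These are NOT from the project; every query here is invented for illustration.
SAMPLE_LOG = """\
2025-02-14 10:01:02 UTC [4711] app@shop LOG:  statement: SELECT id, name FROM products WHERE id = 42
2025-02-14 10:01:09 UTC [4711] app@shop LOG:  statement: SELECT lo_export(16401, '/tmp/out.bin')
2025-02-14 10:01:15 UTC [4712] app@shop LOG:  statement: SELECT lo_import('/etc/hostname')
2025-02-14 10:01:20 UTC [4713] app@shop LOG:  statement: SELECT pg_read_file('postgresql.conf', 0, 100)
2025-02-14 10:01:25 UTC [4714] dba@shop LOG:  statement: COPY items TO '/tmp/items.csv'
2025-02-14 10:01:30 UTC [4711] app@shop LOG:  statement: UPDATE products SET price = 9 WHERE id = 42
"""

# Server-side functions and commands that read or write the server filesystem.
# lo_export is the one the exploit chain in this README relies on; the others are
# its close relatives and are checked with the same logic.
FILE_ACCESS_PATTERNS: Dict[str, "re.Pattern[str]"] = {
    "lo_export": re.compile(r"\blo_export\s*\(", re.I),
    "lo_import": re.compile(r"\blo_import\s*\(", re.I),
    "pg_read_file": re.compile(r"\bpg_read_(?:binary_)?file\s*\(", re.I),
    "copy_to_file": re.compile(r"\bCOPY\b.+?\bTO\s+'", re.I | re.S),
    "copy_from_file": re.compile(r"\bCOPY\b.+?\bFROM\s+'", re.I | re.S),
}

# Roles that are expected to perform server-side file access (assumed allowlist).
# Any other role triggering one of the patterns is treated as high severity.
EXPECTED_FILE_ACCESS_ROLES = {"dba", "postgres"}

# Default PostgreSQL log_line_prefix-style line: "<ts> [<pid>] <user>@<db> LOG:  statement: <sql>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+ \S+) \[(?P<pid>\d+)\] (?P<user>[^@\s]+)@(?P<db>\S+) "
    r"LOG:\s+statement: (?P<sql>.*)$"
)


def parse_log_line(line: str) -> Optional[Dict[str, str]]:
    """Split one statement-log line into its fields; return None for other lines."""
    m = LINE_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def classify(entry: Dict[str, str]) -> List[str]:
    """Return the names of all file-access patterns matched by the statement."""
    return [name for name, pat in FILE_ACCESS_PATTERNS.items() if pat.search(entry["sql"])]


def find_file_access(log_text: str) -> List[Dict[str, str]]:
    """Scan a block of log text and return one finding per (line, matched pattern)."""
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        entry = parse_log_line(line)
        if entry is None:
            continue  # continuation lines, non-statement messages, etc.
        for rule in classify(entry):
            severity = "medium" if entry["user"] in EXPECTED_FILE_ACCESS_ROLES else "high"
            findings.append({
                "ts": entry["ts"],
                "pid": entry["pid"],
                "user": entry["user"],
                "db": entry["db"],
                "rule": rule,
                "severity": severity,
                "sql": entry["sql"],
            })
    return findings


if __name__ == "__main__":
    for f in find_file_access(SAMPLE_LOG):
        print(f"[{f['severity'].upper()}] {f['ts']} pid={f['pid']} {f['user']}@{f['db']} "
              f"{f['rule']}: {f['sql']}")
```

Besides detection, the corresponding mitigation is to make sure application roles cannot call these functions at all: the server-side `lo_export`/`lo_import` functions are executable only by superusers unless `EXECUTE` has been explicitly granted, so an application role that can run them is itself a misconfiguration worth reviewing.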
## Env
- **JDK**: 22
## Modify these values to run the PoC
- `REVERSE_IP`: Your attacker's IP address
- `REVERSE_PORT`: The port on which your listener is running
- `TARGET_URL`: The vulnerable endpoint to attack
- `WEBSOCKET_URL`: The WebSocket URL to hijack
```
[4.0K] /data/pocs/d71d899950d22fcdc38e675c7ad952d6e506c690
├── [4.0K] Exploit-CVE-2025-1094
│   ├── [ 960] pom.xml
│   └── [4.0K] src
│       └── [4.0K] main
│           └── [4.0K] java
│               └── [3.9K] WebSocketExploit.java
└── [1.2K] README.md

4 directories, 3 files
```