CVE-2019-9193 PoC — PostgreSQL 操作系统命令注入漏洞

Source

https://github.com/paulotrindadec/CVE-2019-9193

Associated Vulnerability

Title:PostgreSQL 操作系统命令注入漏洞 (CVE-2019-9193)
Description:PostgreSQL是PostgreSQL组织的一套自由的对象关系型数据库管理系统。该系统支持大部分SQL标准并且提供了许多其他特性，例如外键、触发器、视图等。 PostgreSQL 9.3至11.2版本中的导入导出数据命令‘COPY TO/FROM PROGRAM’存在操作系统命令注入漏洞。攻击者可利用该漏洞获取数据库超级用户权限，从而执行任意系统命令。

Readme

# CVE-2019–9193 - PostgreSQL 9.6.1 Remote Code Execution (Authenticated)

## Proof of Concept

PostgreSQL Database from version 9.6.1 are vulnerable to Authenticated Remote Code Execution.<br>
Even if it isn't considered to be a vulnerability itself by the development team, this could be leveraged to gain access to a misconfigured system.

### Help Menu
---
![Help Menu - Proof Of Concept](img/xpl01.png)

### Exploitation example
---
![Exploit - Proof Of Concept](img/xpl02.png)

## References

- NVD: [https://nvd.nist.gov/vuln/detail/CVE-2019-9193](https://nvd.nist.gov/vuln/detail/CVE-2019-9193)
- CVE Details: [https://www.cvedetails.com/cve/CVE-2019-9193/](https://www.cvedetails.com/cve/CVE-2019-9193/)
- PostgreSQL: [https://www.postgresql.org/about/news/cve-2019-9193-not-a-security-vulnerability-1935/](https://www.postgresql.org/about/news/cve-2019-9193-not-a-security-vulnerability-1935/)

File Snapshot


 [4.0K]  /data/pocs/fa91802da839cd831cd72294287617c79abc6e45
├── [3.1K]  exploit.py
├── [4.0K]  img
│   ├── [444K]  xpl01.png
│   └── [188K]  xpl02.png
└── [ 905]  README.md

1 directory, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!