Big Binary Files Upload (PostgreSQL)
PostgreSQL Large Objects
PostgreSQL offers a structure known as large objects, accessible via the pg_largeobject table, designed for storing large data types such as images or PDF documents. This approach is advantageous over the COPY TO function because the data can be exported back to the file system as an exact replica of the original file.
To store a complete file in this table, an object must first be created in the pg_largeobject table (identified by a LOID), and the data is then inserted into this object in chunks of 2KB each. These chunks must be exactly 2KB in size (with the possible exception of the last chunk) for the exporting function to work correctly.
To divide your binary data into 2KB chunks, the following commands can be executed:
For encoding each file into Base64 or Hex, the commands below can be used:
Important: When automating this process, make sure to send chunks of 2KB of clear-text bytes. Hex-encoded files will require 4KB of data per chunk because the encoding doubles the size, while Base64-encoded files follow the formula ceil(n / 3) * 4.
The contents of the large objects can be viewed for debugging purposes using:
Using lo_creat & Base64
To store binary data, a LOID is first created:
In situations requiring precise control, such as exploiting a Blind SQL Injection, lo_create is preferred for specifying a fixed LOID.
Data chunks can then be inserted as follows:
To export and potentially delete the large object after use:
Using lo_import & Hex
The lo_import function can be utilized to create and specify a LOID for a large object:
Following object creation, data is inserted per page, ensuring each chunk does not exceed 2KB:
To complete the process, the data is exported and the large object is deleted:
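Both procedures above leave the same trace in the server's statement log, so a defender can look for it. The following is an added example, not part of the original page: it scans PostgreSQL log lines for large-object function calls and direct writes to pg_largeobject, grouped per backend session. It assumes log_statement = 'all' and log_line_prefix = '%m [%p] %u@%d '; lo_export and lo_unlink are the standard PostgreSQL export and delete functions, and the log lines are constructed sample input.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from a real server). Assumed settings:
# log_statement = 'all', log_line_prefix = '%m [%p] %u@%d '
SAMPLE_LOG = """\
2024-05-01 10:00:01.120 UTC [4111] app@shop LOG:  statement: SELECT id, name FROM products WHERE id = 7
2024-05-01 10:00:02.300 UTC [4222] app@shop LOG:  statement: SELECT lo_create(173454)
2024-05-01 10:00:02.910 UTC [4222] app@shop LOG:  statement: INSERT INTO pg_largeobject (loid, pageno, data) VALUES (173454, 0, decode('414243', 'hex'))
2024-05-01 10:00:03.450 UTC [4222] app@shop LOG:  statement: SELECT lo_export(173454, '/tmp/constructed_example.bin')
2024-05-01 10:00:03.800 UTC [4222] app@shop LOG:  statement: SELECT lo_unlink(173454)
2024-05-01 10:00:05.000 UTC [4333] report@shop LOG:  statement: SELECT lo_import('/srv/reports/constructed.pdf')
"""

LINE = re.compile(r"^(?P<ts>\S+ \S+ \S+) \[(?P<pid>\d+)\] (?P<user>[^@\s]+)@(?P<db>\S+) "
                  r"LOG:\s+statement: (?P<sql>.*)$")
LO_CALL = re.compile(r"\b(lo_create|lo_creat|lo_import|lo_export|lo_unlink)\s*\(", re.I)
DIRECT_DML = re.compile(r"\b(?:insert\s+into|update|delete\s+from)\s+(?:pg_catalog\.)?pg_largeobject\b", re.I)


def scan(log_text):
    """Return {pid: {"user", "db", "events", "severity"}} for sessions touching large objects."""
    sessions = defaultdict(lambda: {"user": None, "db": None, "events": []})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # continuation lines and non-statement entries are skipped
        sql = m["sql"]
        events = [name.lower() for name in LO_CALL.findall(sql)]
        if DIRECT_DML.search(sql):
            events.append("direct_dml")
        if events:
            s = sessions[int(m["pid"])]
            s["user"], s["db"] = m["user"], m["db"]
            s["events"].extend(events)
    for s in sessions.values():
        ev = set(s["events"])
        created = ev & {"lo_creat", "lo_create", "lo_import"}
        # Direct DML on the catalog table, or create-then-export in one session, matches
        # the upload flow described above; a lone lo_* call is only worth a review.
        s["severity"] = "high" if "direct_dml" in ev or (created and "lo_export" in ev) else "review"
    return dict(sessions)


if __name__ == "__main__":
    for pid, s in scan(SAMPLE_LOG).items():
        print(pid, s["user"], s["db"], s["severity"], s["events"])
```
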
Limitations
Large objects may have ACLs (Access Control Lists), which can restrict access even to objects created by your user. However, older objects with permissive ACLs may still be accessible for content exfiltration.