RCE with PostgreSQL Languages
Last updated
Last updated
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Hifadhi ya PostgreSQL uliyopata inaweza kuwa na lugha za skripti tofauti zilizowekwa ambazo unaweza kuzitumia ili kutekeleza msimbo wa kawaida.
Unaweza kuzipata zinafanya kazi:
Most of the scripting languages you can install in PostgreSQL have 2 flavours: the trusted and the untrusted. The untrusted will have a name ended in "u" and will be the version that will allow you to execute code and use other interesting functions. This are languages that if installed are interesting:
plpythonu
plpython3u
plperlu
pljavaU
plrubyu
... (any other programming language using an insecure version)
If you find that an interesting language is installed but untrusted by PostgreSQL (lanpltrusted
is false
) you can try to trust it with the following line so no restrictions will be applied by PostgreSQL:
Ikiwa huoni lugha, unaweza kujaribu kuipakia na (unahitaji kuwa superadmin):
Kumbuka kwamba inawezekana kukusanya toleo salama kama "lisilo salama". Angalia hii kwa mfano. Hivyo, kila wakati inafaa kujaribu ikiwa unaweza kutekeleza msimbo hata kama unapata tu toleo lililoaminika lililowekwa.
Angalia ukurasa ufuatao:
Angalia ukurasa ufuatao:
Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)