RCE with PostgreSQL Languages
PostgreSQL Languages
The PostgreSQL database you got access to may have different scripting languages installed that you could abuse to execute arbitrary code.
You can list the ones that are installed:
Most of the scripting languages you can install in PostgreSQL come in 2 flavours: trusted and untrusted. The untrusted flavour has a name ending in "u" and is the version that allows you to execute code and use other interesting functions. These are the languages that are interesting if installed:
plpythonu
plpython3u
plperlu
pljavaU
plrubyu
... (any other programming language using an insecure version)
If you find that an interesting language is installed but untrusted by PostgreSQL (lanpltrusted is false), you can try to trust it with the following line so no restrictions will be applied by PostgreSQL:
If you don't see a language, you could try to load it with (you need to be superadmin):
Note that it is possible to compile the secure versions as "insecure". See this for an example. So it is always worth testing whether you can execute code even if you only find the trusted version installed.
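To audit a server for the conditions described above, the following catalog queries list every procedural language with its lanpltrusted flag and every function written in an untrusted language. This is an added example, not part of the original page; the "name ends in u" check relies on the naming convention stated above, and the finding labels and column aliases are illustrative.

```sql
-- Added audit example (not from the original page).
-- Run as a role that can read the system catalogs.

-- 1. Procedural languages and their trust flag.
--    A language with an untrusted-style name ("...u") that is marked
--    trusted means pg_language was edited after installation.
SELECT l.lanname,
       l.lanpltrusted,
       r.rolname AS language_owner,
       l.lanacl,
       CASE
         WHEN l.lanpltrusted AND l.lanname ~* 'u$'
           THEN 'REVIEW: untrusted-style name is marked trusted'
         WHEN NOT l.lanpltrusted
           THEN 'untrusted language installed (superuser-only by design)'
         ELSE 'trusted'
       END AS finding
FROM pg_language AS l
JOIN pg_roles AS r ON r.oid = l.lanowner
WHERE l.lanispl                      -- skips the built-in internal, c and sql entries
ORDER BY l.lanpltrusted, l.lanname;

-- 2. Functions written in those languages.
--    PostgreSQL only lets superusers create functions in an untrusted
--    language, so a non-superuser owner or a SECURITY DEFINER function
--    in this list deserves a closer look.
SELECT n.nspname  AS schema_name,
       p.proname  AS function_name,
       l.lanname,
       o.rolname  AS function_owner,
       o.rolsuper AS owner_is_superuser,
       p.prosecdef AS security_definer
FROM pg_proc AS p
JOIN pg_language  AS l ON l.oid = p.prolang
JOIN pg_namespace AS n ON n.oid = p.pronamespace
JOIN pg_roles     AS o ON o.oid = p.proowner
WHERE l.lanispl
  AND (NOT l.lanpltrusted OR l.lanname ~* 'u$')
ORDER BY l.lanname, n.nspname, p.proname;
```

The catalog cannot reveal a trusted language that was compiled without its restrictions, so the package or build that provides each language still has to be verified on the host.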
plpythonu/plpython3u
pgSQL
Check the following page:
PL/pgSQL Password Bruteforce
C
Check the following page:
RCE with PostgreSQL Extensions