On Mon, Nov 7, 2022 at 8:25 PM Jan Bilek <jan.bilek@xxxxxxxxxxxxx> wrote:
> ...
> select * from pg_read_file('/etc/passwd' , 0 , 1000000); -> it's possible to display content of '/etc/passwd/' file
> select version(); -> Result of DBMS version request.
Input filtering may help in the interim, until you get the roles and
privileges sorted out.
> COPY (SELECT 'nc -lvvp 2346 -e /bin/bash') TO '/tmp/pentestlab'; -> it's possible to create files on the filesystem on behalf of 'postgres' user.
Prepared Statement or Parameterized Query here. In this case, don't
execute data as code.
Jeff
