PostgreSQL version 9.6.1 suffers from an authenticated remote code execution vulnerability.
3bd97649172804b37060aa4281926dc159b04ad43309ca09a925f74901bc50a0
PostgreSQL versions 9.3 through 11.7 remote code execution exploit.
e597a53141013a6e5aaeefcbb4e28ade73077b7f1f7b8c7994ae9d9031e1d2ff
Installations running Postgres 9.3 and above include functionality that allows the superuser, and users with 'pg_execute_server_program', to pipe to and from an external program using COPY. This allows arbitrary command execution, as though the user had console access. This module attempts to create a new table, then executes system commands in the context of copying the command output into the table. This Metasploit module should work on all Postgres systems running version 9.3 and above. For Linux and OSX systems, target 1 is used with cmd payloads such as cmd/unix/reverse_perl. For Windows systems, target 2 is used with PowerShell payloads such as cmd/windows/powershell_reverse_tcp. Alternatively, target 3 can be used to execute generic commands, such as a web_delivery meterpreter PowerShell payload or another customized command.
c46a7605f2f59df142894ab93e39c6fbb9ceb49da8db00d316382c22458faf6e
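Added example, not part of the original listing or of the Metasploit module: an audit query a database administrator can run to see which roles hold the COPY-to-program capability described above, and through which group memberships they inherit it. It assumes PostgreSQL 11 or later, where the built-in role pg_execute_server_program exists; the role name app_batch in the final comment is hypothetical.

```sql
-- Audit: which roles can have the server run external programs through COPY?
-- Assumption: PostgreSQL 11+. On 9.3 to 10 the pg_execute_server_program role
-- does not exist and the regrole cast below raises an error; on those
-- versions only the superuser branch of this query applies.
WITH RECURSIVE chain AS (
    -- Direct members of pg_execute_server_program
    SELECT m.member,
           ARRAY[m.roleid::regrole::text] AS path
    FROM pg_auth_members m
    WHERE m.roleid = 'pg_execute_server_program'::regrole
  UNION ALL
    -- Indirect members: roles granted a role that is already in the chain
    SELECT m.member,
           c.path || m.roleid::regrole::text
    FROM pg_auth_members m
    JOIN chain c ON m.roleid = c.member
)
SELECT r.rolname,
       r.rolcanlogin,                 -- login roles are the exposed ones
       'superuser attribute' AS granted_via
FROM pg_roles r
WHERE r.rolsuper
UNION ALL
SELECT r.rolname,
       r.rolcanlogin,
       array_to_string(c.path, ' <- ') AS granted_via
FROM chain c
JOIN pg_roles r ON r.oid = c.member
ORDER BY rolname, granted_via;

-- Remediation for a role that does not need the capability
-- (app_batch is a hypothetical role name):
--   REVOKE pg_execute_server_program FROM app_batch;
--   ALTER ROLE app_batch NOSUPERUSER;
```

Any row with rolcanlogin = true is an account whose credentials are equivalent to operating-system command execution as the database service user, so those accounts are the ones to review first.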