CVE-2019-9193

Related Files

PostgreSQL 9.6.1 Remote Code Execution

Posted Apr 6, 2023

Authored by Paulo Trindade, Weslley Shaimon, Bruno Stabelini, Diego Farias

PostgreSQL version 9.6.1 suffers from an authenticated remote code execution vulnerability.

tags | exploit, remote, code execution

advisories | CVE-2019-9193

SHA-256 | 3bd97649172804b37060aa4281926dc159b04ad43309ca09a925f74901bc50a0

Download | Favorite | View

PostgreSQL 11.7 Remote Code Execution

Posted Mar 30, 2022

Authored by b4keSn4ke

PostgreSQL versions 9.3 through 11.7 remote code execution exploit.

tags | exploit, remote, code execution

advisories | CVE-2019-9193

SHA-256 | e597a53141013a6e5aaeefcbb4e28ade73077b7f1f7b8c7994ae9d9031e1d2ff

Download | Favorite | View

PostgreSQL COPY FROM PROGRAM Command Execution

Posted May 7, 2019

Authored by Jacob Wilkin | Site metasploit.com

Installations running Postgres 9.3 and above have functionality which allows for the superuser and users with 'pg_execute_server_program' to pipe to and from an external program using COPY. This allows arbitrary command execution as though you have console access. This module attempts to create a new table, then execute system commands in the context of copying the command output into the table. This Metasploit module should work on all Postgres systems running version 9.3 and above. For Linux and OSX systems, target 1 is used with cmd payloads such as: cmd/unix/reverse_perl. For Windows Systems, target 2 is used with powershell payloads such as: cmd/windows/powershell_reverse_tcp. Alternatively target 3 can be used to execute generic commands, such as a web_delivery meterpreter powershell payload or other customized command.

tags | exploit, arbitrary

systems | linux, windows, unix, apple

advisories | CVE-2019-9193

SHA-256 | c46a7605f2f59df142894ab93e39c6fbb9ceb49da8db00d316382c22458faf6e

Download | Favorite | View