Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2017-15099 PoC — PostgreSQL 安全漏洞

Source
https://github.com/ToontjeM/CVE-2017-15099
Associated Vulnerability
Title:PostgreSQL 安全漏洞 (CVE-2017-15099)
Description:INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege.
Readme
# CVE-2022-21724: JDBC RCE PostgreSQL 

## Intro
This demo will show how a non-patched JDBC driver can be used to attach PostgreSQL and gain RCE.

Affecting org.postgresql:postgresql package, versions [9.4.1208,42.2.25) [42.3.0,42.3.2)

This demo is deployed using Vagrant and will deploy the following nodes:

| Name | IP | Postgres | Remarks |
| -------- | -------- | ----- | -------- |
| attacker | 192.168.0.210 | -- | Metasploit Framework |
| vuln | 192.168.0.211 | 9.6.4 |  |
| novuln | 192.168.0.212 | 16.3 |  |

## Demo prep
### Pre-requisites
To deploy this demo the following needs to be installed in the PC from which you are going to deploy the demo:

- VirtualBox (https://www.virtualbox.org/)
- Vagrant (https://www.vagrantup.com/)
- Vagrant Hosts plug-in (`vagrant plugin install vagrant-hosts`)
- Vagrant Reload plug-in (`vagrant plugin install vagrant-reload`)

The environment is deloyed in a VirtualBox **public** network. Adjust the IP addresses to your needs in `vars.yml`.

### Provisioning VM's.
Provision the hosts using `vagrant up`. This will create the bare virtual machines and will take appx. 5 minutes to complete. 

After provisioning, the hosts will have the current directory mounted in their filesystem under `/vagrant`

### Passwords


## Demo flow
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →