Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2025-1094 PoC — PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation

Source
https://github.com/shacojx/CVE-2025-1094-Exploit
Associated Vulnerability
Title:PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation (CVE-2025-1094)
Description:Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.
Description
CVE-2025-1094 Exploit SQL Injection to RCE via WebSocket in PostgreSQL
Readme
# CVE-2025-1094

   - Đây chỉ là tài liệu mang tính chất học tập. Chỉ xem tham khảo và đừng làm phiền chính quyền.
   - This content is for educational purposes only. Use for reference only and do not contact the police.


## Vulnerability Details

- **CVE ID**: CVE-2025-1094
- **Vulnerable System**: PostgreSQL (misconfigured functions)
- **Exploit Path**: SQL Injection → WebSocket Hijacking → Remote Code Execution (RCE)

## How It Works

1. **SQL Injection (SQLi)**: The attack begins with injecting malicious SQL commands into a vulnerable PostgreSQL endpoint. The payload uses `lo_export` to read sensitive files from the server.
   
2. **WebSocket Hijacking**: The attacker hijacks an open WebSocket connection and sends a payload to execute the RCE. This triggers a reverse shell connection back to the attacker’s system.

3. **Remote Code Execution (RCE)**: The reverse shell provides the attacker full control over the server, allowing further exploitation.

## Env

- **JDK**: 22

## Modity to run poc

   - `REVERSE_IP`: Your attacker's IP address
   - `REVERSE_PORT`: The port on which your listener is running
   - `TARGET_URL`: The vulnerable endpoint to attack
   - `WEBSOCKET_URL`: The WebSocket URL to hijack
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →