coelner/hacktricks
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

GitBook: [#3646] No subject

Browse Source
This commit is contained in:
CPol 2022-11-03 20:00:21 +00:00 committed by gitbook-bot
parent 46a292b93a
commit 8ea8130d00
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
pentesting-web/sql-injection/postgresql-injection/rce-with-postgresql-languages.md
View File

@ -25,8 +25,9 @@ SELECT lanname,lanpltrusted,lanacl FROM pg_language;
Most of the scripting languages you can install in PostgreSQL have **2 falvours**: the **trusted** and the **untrusted**. The **untrusted** will have a name **ended in "u"** and will be the version that will allow you to **execute code** and use other interesting functions. This are languages that if installed are interesting: Most of the scripting languages you can install in PostgreSQL have **2 falvours**: the **trusted** and the **untrusted**. The **untrusted** will have a name **ended in "u"** and will be the version that will allow you to **execute code** and use other interesting functions. This are languages that if installed are interesting:
* **plpythonu** * **plpythonu**
* **perlu** * **plpython3u**
* **javaU** * **plperlu**
* **pljavaU**
* **plrubyu** * **plrubyu**
* ... (any other programing language using an insecure version) * ... (any other programing language using an insecure version)
@ -34,13 +35,13 @@ Most of the scripting languages you can install in PostgreSQL have **2 falvours*
Note that it's posisble to compile the secure versions as "unsecure". Check [**this**](https://www.robbyonrails.com/articles/2005/08/22/installing-untrusted-pl-ruby-for-postgresql.html) for example. So it's always worth trying if you can execute code even if you only find installed the **trusted** one. Note that it's posisble to compile the secure versions as "unsecure". Check [**this**](https://www.robbyonrails.com/articles/2005/08/22/installing-untrusted-pl-ruby-for-postgresql.html) for example. So it's always worth trying if you can execute code even if you only find installed the **trusted** one.
{% endhint %} {% endhint %}
If you find that an interesting language is **installed** but **untrusted** by PostgreSQL (`lanpltrusted` is `false`) you can try to **enable it** with: If you find that an interesting language is **installed** but **untrusted** by PostgreSQL (`lanpltrusted` is `false`) you can try to **trust it** with the following line so no restrictins will be applied by PostgreSQL:
```sql ```sql
UPDATE pg_language SET lanpltrusted=true WHERE lanname='c'; UPDATE pg_language SET lanpltrusted=true WHERE lanname='plpythonu';
``` ```
## plpythonu ## plpythonu/plpython3u
{% tabs %} {% tabs %}
{% tab title="RCE" %} {% tab title="RCE" %}