GitBook: [#3646] No subject
This commit is contained in:
parent
46a292b93a
commit
8ea8130d00
@ -25,8 +25,9 @@ SELECT lanname,lanpltrusted,lanacl FROM pg_language;
|
|||||||
Most of the scripting languages you can install in PostgreSQL have **2 falvours**: the **trusted** and the **untrusted**. The **untrusted** will have a name **ended in "u"** and will be the version that will allow you to **execute code** and use other interesting functions. This are languages that if installed are interesting:
|
Most of the scripting languages you can install in PostgreSQL have **2 falvours**: the **trusted** and the **untrusted**. The **untrusted** will have a name **ended in "u"** and will be the version that will allow you to **execute code** and use other interesting functions. This are languages that if installed are interesting:
|
||||||
|
|
||||||
* **plpythonu**
|
* **plpythonu**
|
||||||
* **perlu**
|
* **plpython3u**
|
||||||
* **javaU**
|
* **plperlu**
|
||||||
|
* **pljavaU**
|
||||||
* **plrubyu**
|
* **plrubyu**
|
||||||
* ... (any other programing language using an insecure version)
|
* ... (any other programing language using an insecure version)
|
||||||
|
|
||||||
@ -34,13 +35,13 @@ Most of the scripting languages you can install in PostgreSQL have **2 falvours*
|
|||||||
Note that it's posisble to compile the secure versions as "unsecure". Check [**this**](https://www.robbyonrails.com/articles/2005/08/22/installing-untrusted-pl-ruby-for-postgresql.html) for example. So it's always worth trying if you can execute code even if you only find installed the **trusted** one.
|
Note that it's posisble to compile the secure versions as "unsecure". Check [**this**](https://www.robbyonrails.com/articles/2005/08/22/installing-untrusted-pl-ruby-for-postgresql.html) for example. So it's always worth trying if you can execute code even if you only find installed the **trusted** one.
|
||||||
{% endhint %}
|
{% endhint %}
|
||||||
|
|
||||||
If you find that an interesting language is **installed** but **untrusted** by PostgreSQL (`lanpltrusted` is `false`) you can try to **enable it** with:
|
If you find that an interesting language is **installed** but **untrusted** by PostgreSQL (`lanpltrusted` is `false`) you can try to **trust it** with the following line so no restrictins will be applied by PostgreSQL:
|
||||||
|
|
||||||
```sql
|
```sql
|
||||||
UPDATE pg_language SET lanpltrusted=true WHERE lanname='c';
|
UPDATE pg_language SET lanpltrusted=true WHERE lanname='plpythonu';
|
||||||
```
|
```
|
||||||
|
|
||||||
## plpythonu
|
## plpythonu/plpython3u
|
||||||
|
|
||||||
{% tabs %}
|
{% tabs %}
|
||||||
{% tab title="RCE" %}
|
{% tab title="RCE" %}
|
||||||
|
Loading…
Reference in New Issue
Block a user