Nytro Posted July 21, 2013

A tool for exploiting SQL injections in PostgreSQL databases.

Download

- pgshell
- test-env.sh

Introduction

The pgshell Perl script exploits configuration weaknesses in the PostgreSQL database management system as they were described in the corresponding paper (Having Fun With PostgreSQL). It not only allows gathering target system and user information but also privilege escalation, executing shell commands and uploading binary files.

The general usage of pgshell could be outlined in three steps:

1. gathering information
2. creating the system and the upload framework
3. launching a shell and uploading files

The minimal parameters are the target host and a request file. The request file contains the HTTP request to send to the server plus a tag <<INJECTION>> that indicates where to perform the SQL injection. A simple request file can look like this:

GET /index.php?id=1;<<INJECTION>> HTTP/1.0

If not stated otherwise, every execution of pgshell reads from and writes to a session file. This way, information won't get lost and the process can be resumed at any time.

Additionally, there are certain settings that can be made in order to work properly against the target system. If you wish to launch a shell or to upload files you need to know the path to the libc. Furthermore, for uploading files, pgshell creates a function which uses the libc function open. Two parameters are needed in order to successfully open a file. These values are the OR'ed (O_CREAT | O_APPEND | O_RDWR) and S_IRWXU. Find out what values those will be on your target system and put everything in an initial session file:

=target.libc=/lib/libc.so.6
=target.flag.open=522
=target.flag.mode=448

Source and more information: leidecker.info
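The open flags and mode the post asks you to look up are ABI constants, and O_CREAT and O_APPEND do not have the same numeric value everywhere: with BSD-derived headers (O_CREAT = 0x200, O_APPEND = 0x8, O_RDWR = 0x2) the OR'ed expression is 522, the number shown in the post's session file, while glibc on Linux x86 (O_CREAT = 0100, O_APPEND = 02000) gives 1090 for the very same expression. S_IRWXU is 0700 = 448 on every POSIX system. The script below is an added example, not part of the post or of pgshell: it computes both values from the constants of the host it runs on, decodes a numeric flag word back into symbolic names under that host's ABI (so you can check what a number such as 522 actually means on a given platform before writing it into the session file), and picks the libc path out of Linux /proc/<pid>/maps text. The sample maps text is constructed, the `=target.…` lines simply reproduce the format shown in the post, and the access-mode mask of 3 is assumed to be O_ACCMODE as on Linux and the BSDs.

```python
"""Derive pgshell session-file values from the constants of the host this runs on.

Run it on a box matching the target's OS/libc (or inside a compatible chroot
or container), not on the attacker's machine, because the numbers are ABI
specific. Added example; not part of pgshell.
"""
import os
import re
import stat

# OR-able open(2) flags, in the order they are reported when decoding.
OPEN_FLAG_NAMES = ("O_CREAT", "O_EXCL", "O_NOCTTY", "O_TRUNC",
                   "O_APPEND", "O_NONBLOCK", "O_SYNC")
ACCMODE_MASK = 3  # assumption: O_ACCMODE is 3 on Linux and the BSDs

# Constructed sample of /proc/<pid>/maps output (Linux); the first mapping is a
# decoy that must not be mistaken for libc.
SAMPLE_MAPS = """\
7f3a1b000000-7f3a1b200000 r-xp 00000000 fd:01 4321   /usr/lib/x86_64-linux-gnu/libcrypto.so.3
7f3a1c000000-7f3a1c022000 r--p 00000000 fd:01 1234   /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a1c022000-7f3a1c197000 r-xp 00022000 fd:01 1234   /usr/lib/x86_64-linux-gnu/libc.so.6
7ffd5b000000-7ffd5b021000 rw-p 00000000 00:00 0      [stack]
"""


def open_flags() -> int:
    """O_CREAT | O_APPEND | O_RDWR as this host's libc defines them."""
    return os.O_CREAT | os.O_APPEND | os.O_RDWR


def open_mode() -> int:
    """S_IRWXU (rwx for the owner), i.e. 0700 = 448 on any POSIX system."""
    return stat.S_IRWXU


def decode_open_flags(value: int) -> list:
    """Name the bits of an open(2) flag word using this host's constants.

    The access mode is a 2-bit field rather than a bit mask, so it is looked
    up separately; any bit not covered by OPEN_FLAG_NAMES is reported as hex
    so a mismatch with the target ABI does not pass silently.
    """
    accmodes = {os.O_RDONLY: "O_RDONLY", os.O_WRONLY: "O_WRONLY", os.O_RDWR: "O_RDWR"}
    names = [accmodes.get(value & ACCMODE_MASK, "O_ACCMODE=%d" % (value & ACCMODE_MASK))]
    remaining = value & ~ACCMODE_MASK
    for name in OPEN_FLAG_NAMES:
        bit = getattr(os, name, None)
        if bit and remaining & bit == bit:
            names.append(name)
            remaining &= ~bit
    if remaining:
        names.append(hex(remaining))
    return names


def libc_path_from_maps(maps_text: str):
    """Return the libc path from /proc/<pid>/maps text, or None (Linux only).

    Matches libc.so.N and libc-<version>.so, but not libcrypto, libcap, etc.
    """
    pattern = re.compile(r"/libc(?:\.so|-[^/]*\.so)")
    for line in maps_text.splitlines():
        parts = line.split(None, 5)
        if len(parts) == 6 and pattern.search(parts[5]):
            return parts[5]
    return None


def session_lines(libc_path: str) -> str:
    """Initial session file in the format shown in the post."""
    return ("=target.libc=%s\n" % libc_path
            + "=target.flag.open=%d\n" % open_flags()
            + "=target.flag.mode=%d\n" % open_mode())


if __name__ == "__main__":
    libc = None
    try:
        with open("/proc/self/maps") as maps:
            libc = libc_path_from_maps(maps.read())
    except OSError:
        pass  # not Linux: fill in the libc path by hand
    print(session_lines(libc or "/path/to/libc"), end="")
    print("# open flags decode as", "|".join(decode_open_flags(open_flags())))
```

Running this on the attack box only tells you what the attack box's libc uses; compare `decode_open_flags(522)` on a Linux host against the same call on a BSD host and the lists differ, which is exactly the mismatch that would make the injected open() call misbehave if the wrong number is copied into `=target.flag.open`.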