World of SELECT-only PostgreSQL Injections: (Ab)using the filesystem
👤 by Maksym Vatsyk
In this article, the author managed to escalate the impact of a seemingly very restricted SQL injection to a critical level by recreating DELETE and UPDATE statements from scratch via direct modification of the DBMS files and data, and developed a novel technique for escalating user permissions!
Excessive server file read/write permissions can be a powerful tool in the wrong hands. There is still much to discover with this attack vector, but he hopes you’ve learned something useful today.
📝 Contents:
● Introduction
● PostgreSQL storage concepts
● Updating the PostgreSQL data without UPDATE
● SELECT-only RCE
● Conclusions
● References
● Source code
https://phrack.org/issues/71/8.html#article
