zlacker

[parent] [thread] 2 comments
1. phoron+(OP)[view] [source] 2025-01-05 14:58:04
Are you sure about that? Last I checked pg admins had command execution on the DB host, as well as FS r/w and traversal.

See https://www.postgresql.org/docs/current/sql-copy.html#id-1.9...

Specifically the `filename` and `PROGRAM` parameters.

And that is documented expected out of the box behaviour without even looking for an exploit...

replies(1): >>63stac+CP
2. 63stac+CP[view] [source] 2025-01-05 21:50:55
>>phoron+(OP)
It's funny that you said TFA a few comments earlier, because you seem to have not read the article either, or are making some great leaps here.

If the break in happened as you would explain the article would also mention that:

* the attacker gained access to the postgres user or equally privileged user

* they used specific SQL commands to execute code

* would have not claimed the vulnerability was about docker containers and exposed ports

And the take away would not be "be careful with exposing your home server to the internet", but would be "anyone with admin privileges to postgres is able to execute arbitrary code".

replies(1): >>phoron+zJ1
◧◩
3. phoron+zJ1[view] [source] [discussion] 2025-01-06 08:34:13
>>63stac+CP
The article would only say that if OP was competent enough to determine exactly what went wrong. I did read the article however I do not agree with the conclusions in it as simply opening a postgres port to the Internet while having set up authentication correctly, is not fatal (though admittedly inadvisable).
[go to top]