System Command Execution via SQL Injection in PostgreSQL

https://www.postgresql.org/docs/9.3/static/sql-copy.html

I noticed this morning that from version 9.3 onward, external commands can easily be launched via the COPY command (PROGRAM). The ghost of xp_cmdshell returns... just kidding...
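A defender-side check for the feature noted above, as an added example that is not part of the original post: it scans PostgreSQL statement logs for `COPY ... FROM/TO PROGRAM`, including keywords separated by SQL comments. The log prefix format, the function name `find_copy_program` and the sample log lines are assumptions constructed for illustration.

```python
import re

# Whitespace or an SQL comment may separate keywords (e.g. FROM/**/PROGRAM).
_GAP = r"(?:\s|/\*.*?\*/|--[^\n]*\n)"
# COPY ... FROM|TO PROGRAM '<command>'; the literal may use E'' and '' escapes.
_COPY_PROGRAM = re.compile(
    rf"\bCOPY\b[^;]*?\b(FROM|TO){_GAP}+PROGRAM{_GAP}*E?'((?:[^']|'')*)'",
    re.I | re.S,
)
# Assumed log_line_prefix: "<timestamp> [pid] user@db "; adjust to your own prefix.
_STATEMENT = re.compile(r"\[(\d+)\] (\S+)@(\S+) LOG:\s+statement: (.*)", re.S)


def find_copy_program(log_lines):
    """Return one dict per COPY ... PROGRAM use found in logged statements."""
    findings = []
    for lineno, line in enumerate(log_lines, 1):
        m = _STATEMENT.search(line)
        if not m:
            continue  # not a statement log entry
        pid, user, db, sql = m.groups()
        for hit in _COPY_PROGRAM.finditer(sql):
            findings.append({
                "line": lineno, "pid": int(pid), "user": user, "db": db,
                "direction": hit.group(1).upper(),
                "command": hit.group(2).replace("''", "'"),
            })
    return findings


# Constructed sample log lines (not from a real system).
SAMPLE_LOG = [
    "2024-05-01 09:00:01 UTC [4101] app@shop LOG:  statement: SELECT id FROM orders WHERE id = 7",
    # A table that happens to be named "program" must not trigger a finding.
    "2024-05-01 09:00:02 UTC [4101] app@shop LOG:  statement: COPY program FROM '/tmp/programs.csv'",
    "2024-05-01 09:00:03 UTC [4102] postgres@shop LOG:  statement: COPY orders TO PROGRAM 'gzip > /tmp/orders.gz'",
    # Stacked statement with a comment between the keywords.
    "2024-05-01 09:00:04 UTC [4103] postgres@shop LOG:  statement: SELECT 1; copy t from/**/program 'hostname'",
]

if __name__ == "__main__":
    for finding in find_copy_program(SAMPLE_LOG):
        print(finding)
```

Statements only appear in the server log when `log_statement` is set to record them (for example `all`).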
