GenPostgresRCEExploit is a PoC tool designed to exploit an authenticated Remote Code Execution (RCE) vulnerability in certain versions of PostgreSQL (9.3 - 11.7). It allows authenticated users to execute system commands on a PostgreSQL database server vulnerable to CVE-2019-9193.
- Exploitation of RCE: Executes system commands through an authenticated PostgreSQL session.
- Version Check: Checks the version of the target PostgreSQL server to confirm the presence of a vulnerability.
- Command Execution: Allows user commands to be executed on the server if it is vulnerable.
- Automatic Table Management: Creates and deletes a temporary table to execute commands without manual intervention.
- Python 3.x
- PostgreSQL client library (package
psycopg2)
- Clone the repository:
``bash
git clone https://github.com/AxthonyV/CVE-2019-9193
cd CVE-2019-9193
- Install the required packages:
pip install -r requirements.txt
python3 GenPostgresRCEExploit.py -i <target_ip> -p <port> -d <database_name> -U <username> -P <password> -c “<system_command>”-i,--ip: IP address of the PostgreSQL server (Default: 127.0.0.1)-p,--port: PostgreSQL server port (Default: 5432)-d,--database: PostgreSQL database name (Default: template1)-U,--user: Username to connect to the PostgreSQL server (Default: postgres)-P,--password: Password to connect to PostgreSQL server (Default: postgres)-c,---command: System command to be executed on the server-t,--timeout: Connection timeout in seconds (Default: 10)
``bash python3 GenPostgresRCEExploit.py -i 192.168.1.10 -p 5432 -d mydb -U myuser -P mypass -c “whoami”
This example connects to the PostgreSQL server at `192.168.1.10`, authenticates with the provided credentials, and executes the `whoami` command.
## Example output
$ python3 GenPostgresRCEExploit.py -i 192.168.1.10 -p 5432 -d testdb -U postgres -P mypassword -c “whoami”
[+] Connection to PostgreSQL database at 192.168.1.10:5432 [+] Connection successfully established [+] PostgreSQL version check [+] Vulnerable PostgreSQL version detected: 10.4 [+] Temporary table creation: temp_3f8b8f9e2c9c11d7bd8f7c61d4e9eaf2 [+] Command successfully executed
postgres
## Disclaimer
This tool is intended for educational purposes and ethical testing only. Unauthorized use of this tool against any systems is illegal and strictly prohibited. The authors do not take responsibility for any misuse.
# RU
**GenPostgresRCEExploit** is a PoC exploit designed to exploit remote code execution (RCE) vulnerability in certain versions of PostgreSQL (9.3 - 11.7). The program allows authenticated users to execute system commands on a PostgreSQL server vulnerable to CVE-2019-9193.
## Features
- **Exploit RCE**: Execute system commands over an authenticated connection to PostgreSQL.
- **Version Check**: Checks the version of the target PostgreSQL server for vulnerabilities.
- **Command Execution**: Allows arbitrary commands to be executed on the server in the presence of a vulnerability.
- **Table Management**: Automatically creates and deletes a temporary table for command execution.
## Requirements
- Python 3.x
- PostgreSQL client library (`psycopg2` package)
## Installation
1. Clone the repository:
```bash
git clone https://github.com/geniuszly/CVE-2019-9193
cd CVE-2019-9193
```
2. Install the required packages:
````bash
pip install -r requirements.txt
```
## Usage
````bash
python3 GenPostgresRCEExploit.py -i <IP address> -p <port> -d <database_name> -U <user> -P <password> -c “<system_command>”
-i,--ip: IP address of PostgreSQL server (Default: 127.0.0.1)-p,--port: PostgreSQL server port (Default: 5432)-d,--database: PostgreSQL database name (Default: template1)-U,--user: Username to connect to the PostgreSQL server (Default: postgres)-P,--password: Password to connect to PostgreSQL server (Default: postgres)-c,--command: System command to execute on the server-t,--timeout: Connection timeout in seconds (Default: 10)
python3 GenPostgresRCEExploit.py -i 192.168.1.10 -p 5432 -d mydb -U myuser -P mypass -c “whoami”In this example, the program connects to the PostgreSQL server at 192.168.1.10, authenticates with the specified credentials, and executes the whoami command.
$ python3 GenPostgresRCEExploit.py -i 192.168.1.10 -p 5432 -d testdb -U postgres -P mypassword -c “whoami”
[+] Connection to PostgreSQL database at 192.168.1.10:5432
[+] Connection successfully established
[+] PostgreSQL version check
[+] Vulnerable PostgreSQL version detected: 10.4
[+] Temporary table creation: temp_3f8b8f9e2c9c11d7bd8f7c61d4e9eaf2
[+] Command successfully executed
postgres
This tool is for educational purposes and legal testing only. Unauthorized use of this tool against any systems is illegal and strictly prohibited. The authors are not responsible for any misuse.