PostgreSQL 9.3-10 - Authenticated Remote Code Execution via Query Behavior Modification
Exploitation Summary
EIP tracks 1 public exploit for CVE-2018-1058. PoCs published by ccchme.
AI-analyzed exploit summary
This repository demonstrates CVE-2018-1058, a PostgreSQL privilege escalation vulnerability via uncontrolled search path. It includes a Docker-based environment to reproduce the attack, where an attacker creates a malicious function in the public schema that a victim unknowingly executes.
Description
A flaw was found in the way PostgreSQL allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H