CVE-2019-9193

This Metasploit module exploits CVE-2019-9193 by leveraging PostgreSQL's COPY FROM PROGRAM functionality to execute arbitrary commands. It creates a table, copies command output into it, and supports multiple platforms (Unix, Windows, OSX).

This exploit leverages PostgreSQL's COPY FROM PROGRAM feature to execute arbitrary system commands via a trigger-based payload. It requires authentication and demonstrates RCE by creating a table, function, and trigger to execute the provided command.

This exploit leverages PostgreSQL's COPY FROM PROGRAM feature to execute arbitrary system commands via authenticated SQL queries. It creates a temporary table, executes the command, and retrieves the output, demonstrating RCE in PostgreSQL versions 9.3-11.7.

This is a functional exploit for CVE-2019-9193, leveraging PostgreSQL's COPY FROM PROGRAM feature to execute arbitrary system commands. It requires authentication and creates a temporary table to capture command output.

This is a functional exploit for CVE-2019-9193, leveraging PostgreSQL's COPY FROM PROGRAM feature to execute arbitrary system commands on vulnerable versions (9.3-11.7). It includes version checking, temporary table management, and command execution via authenticated PostgreSQL sessions.

This PoC exploits CVE-2019-9193 in PostgreSQL by leveraging the 'COPY TO/FROM PROGRAM' feature to execute arbitrary commands, establishing a reverse shell. It requires superuser or 'pg_execute_server_program' privileges.

This is a functional exploit for CVE-2019-9193, leveraging PostgreSQL's COPY FROM PROGRAM feature to execute arbitrary system commands via a trigger. It requires authentication and demonstrates RCE by creating a table, function, and trigger to execute the provided command.

This is a functional exploit for CVE-2019-9193, leveraging PostgreSQL's COPY FROM PROGRAM feature to execute arbitrary system commands. It requires authentication and targets PostgreSQL versions 9.3 to 11.7.

This repository provides a functional proof-of-concept for CVE-2019-9193, demonstrating how PostgreSQL's COPY FROM PROGRAM feature can be exploited for remote command execution (RCE) by superusers or users with the pg_execute_server_program role. The lab includes a Dockerized environment and step-by-step instructions to read a flag file via OS command injection.

This repository provides a working proof-of-concept for CVE-2019-9193, a PostgreSQL vulnerability allowing arbitrary command execution via the COPY FROM PROGRAM feature. It includes setup instructions and exploit steps for versions 9.3 to 11.

This is a functional exploit for CVE-2019-9193, leveraging PostgreSQL's COPY FROM PROGRAM feature to execute arbitrary system commands on vulnerable PostgreSQL servers (9.3-11.7). It includes version checking and automated table management for command execution.

This is a functional exploit for CVE-2019-9193, leveraging PostgreSQL's COPY FROM PROGRAM feature to execute arbitrary commands on the server. It establishes an authenticated connection and provides a pseudo-shell for command execution.

This Metasploit module exploits PostgreSQL's COPY FROM PROGRAM functionality to execute arbitrary commands via authenticated SQL queries. It creates a table, executes a payload via COPY, and optionally dumps output for debugging.