SQLi: Writing files to disk under PostgreSQL
Posted on December 21, 2008 in Research • Tagged with exploiting, PostgreSQL, SQL Injection, SQLi, writing file • 6 min read
Table of Contents
1. Introduction
2. Default configuration
3. COPY Function
3.1 COPY function abusing
4. BLOB functions
4.1 BLOB functions abusing
5. User defined functions
5.1 User defined functions abusing
6. Conclusions
7. References
1. Introduction
The following examples assume access to the database has been achieved through a SQL injection vulnerability in a web application.
Sometimes, against best practice, the application connects to the database using superuser credentials.
2. Default configuration
In some systems, the PostgreSQL configuration files are owned by the user that runs the PostgreSQL process.
For example in my Ubuntu …