PostgreSQL RCE / Reverse Shell
exploitationtool
Summary
Use the squid22 PostgreSQL_RCE script to turn authenticated PostgreSQL access (superuser COPY ... PROGRAM) into command execution and a reverse shell.
Walkthrough
With superuser access to PostgreSQL, the COPY ... TO/FROM PROGRAM feature allows arbitrary command execution, which this script automates into a reverse shell.
Steps
- Clone the PostgreSQL_RCE helper and point it at the target DB with valid credentials.
- Run it with a listener ready to receive the reverse shell.
Commands
bash
git clone https://github.com/squid22/PostgreSQL_RCE