postgrel

首先按照惯例，肯定是需要对PostgreSQL数据库进行一系列信息收集的，常用的命令有以下这些：

-- 版本信息

select version();

show server_version;

select pg_read_file('PG_VERSION', 0, 200);

-- 数字版本信息包括小版号

SHOW server_version_num;

SELECT current_setting('server_version_num');

-- 获取安装目录（通过路径可以判断系统是linux还是windows的）

select setting from pg_settings where name = 'data_directory';

-- 获取配置文件路径

selectsetting from pg_settings where name='config_file'

-- 获取Postgres内网ip地址

select inet_server_addr()

#BrokenSesame: Accidental ‘write’ permissions to private registry allowed potential RCE to Alibaba Cloud Database Services | Wiz Blog

CVE-2020-25695 Privilege Escalation in Postgresql | Staaldraad

https://staaldraad.github.io/post/2020-12-15-cve-2020-25695-postgresql-privesc/

GitHub - gh-ost00/CVE-2024-10979: Details and proof-of-concept for a vulnerability affecting PostgreSQL environment variable handling via PL/Python functions.

https://www.wiz.io/blog/the-cloud-has-an-isolation-problem-postgresql-vulnerabilities