Resources
People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
There is a privilege escalation in PostgreSQL once a user has the ability to execute arbitrary commands in PostgreSQL.
This bug came down to an issue with the reverting functionality of a query in the database, mainly by abusing the state handling of the revert functionality.
INITIALLY DEFERRED can be used to delay commands from being run. In particular, it delays when a constraint on a given object is checked. This code was executed AFTER the context switch of users, allowing for the changing of sensitive information.
From there, the author had to find a way to trigger all of the functionality in the proper order.
Overall, super cool privilege escalation! This acts like a TOCTOU bug, but it has more to do with the state handling not being properly reverted. I wish there was a 'tldr' on the article though.
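To make the INITIALLY DEFERRED behaviour concrete from the defender's side, here is an added example (not code from the article): it shows that a deferred check runs at COMMIT rather than at the statement, then audits the catalog for user-defined deferred constraint triggers whose table or function owner is not a superuser. The table names parent and child are hypothetical.

```sql
-- Constructed demo tables (hypothetical names).
CREATE TABLE parent (id int PRIMARY KEY);
CREATE TABLE child (
    parent_id int REFERENCES parent (id) DEFERRABLE INITIALLY DEFERRED
);

BEGIN;
INSERT INTO child  VALUES (1);  -- no error yet: the FK check is queued, not run
INSERT INTO parent VALUES (1);  -- the referenced row exists before the check runs
COMMIT;                         -- the queued check executes here and passes

-- Audit: user-defined constraint triggers that are INITIALLY DEFERRED,
-- where the table owner or the trigger function owner is not a superuser.
-- Internal triggers (such as the FK triggers created above) are excluded.
SELECT c.oid::regclass        AS table_name,
       tbl_owner.rolname      AS table_owner,
       t.tgname               AS trigger_name,
       t.tgfoid::regprocedure AS trigger_function,
       fn_owner.rolname       AS function_owner,
       pg_get_triggerdef(t.oid) AS definition
FROM pg_trigger t
JOIN pg_class c         ON c.oid = t.tgrelid
JOIN pg_proc  p         ON p.oid = t.tgfoid
JOIN pg_roles tbl_owner ON tbl_owner.oid = c.relowner
JOIN pg_roles fn_owner  ON fn_owner.oid  = p.proowner
WHERE t.tginitdeferred
  AND NOT t.tgisinternal
  AND NOT (tbl_owner.rolsuper AND fn_owner.rolsuper)
ORDER BY table_name, trigger_name;
```

Run the audit in each database, since pg_trigger is per-database; any row it returns is code that will execute at the end of whatever transaction touches that table, so review who owns it and what the function does.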