pgadmin4

28 Feb 2017

PostgreSQL pgAdmin4 – Insecure Library Loading Allows Code Execution

Python + PostgreSQL pgAdmin4 – Insecure Library Loading Allows Code Execution (DLL Hijacking Vulnerability)


Confirmed on products
pgAdmin4 v1.1: Current version packaged with PostgreSQL v9.6.1.1 (Windows x86 Current version)

Tested on
Windows 7 SP1 + python 2.7.13 (current version)

Note - This is a vulnerability in python, which gets manifested via pgAdmin4. Other applications and softwares that use python, may as well be vulnerable.

This vulnerability can allow attackers to execute arbitrary code on vulnerable installations of pgAdmin4 software. pgAdmin4 is a GUI application for database server administration, and comes packaged with PostgreSQL package. User interaction is required to exploit this vulnerability in that the malicious dll file(s) should be saved in any of the DLL search paths.

Confirmed on products
pgAdmin4 v1.1 -> Current version packaged with PostgreSQL v9.6.1.1 (Windows x86 Current version)

Read on for details and poc.

Read more