Learning

参考 Postgresql注入笔记 写udf，可是执行到创建函数 CREATE OR REPLACE FUNCTION sys_eval (text) RETURNS text AS "/var/lib/postgresql/9.6/main/udf.so", "sys_eval" LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE ; 这一步时报语法错误：“ERROR:  syntax error at or near ""/var/lib/postgresql/9.6/main/udf.so"" LINE 1: CREATE OR REPLACE FUNCTION exec() RETURNS text AS "/var/lib/...”，将sql语句中的双引号改为单引号后则没有了语法错误，可是重新执行，postgresql终端却报错： "server closed the connection unexpectedly This probably means the server terminated abnormally before or while processing the request. The connection to the server was lost. Attempting reset: Failed." 查看postgresql日志，报错记录为： "server process (PID 1958) was terminated by signal 11: Segmentation fault" 找了很久，终于在文章 渗透中利用postgresql getshell  中找到了原因： 如果块之间小于2048,默认会用0去填充让块达到2048字节所以上传的文件才会一直创建函数失败.  然后按作者说的将udf.so文件分割成每2048字节的块后成功创建了udf，可以执行命令。