Discover and read the best of Twitter Threads about #hellskeychain

Most recents (1)

Profile picture
Nir Ohfeld
@nirohfeld
We found a Remote Code Execution vulnerability in every #PostgreSQL database in #IBMCloud ๐Ÿ˜ฑ

Here is how we did it: ๐Ÿงต

#HellsKeychain
We set up a PostgreSQL instance in IBM Cloud and tried to execute code using the 'COPY FROM PROGRAM' statement. Unfortunately, this failed due to insufficient privileges. We were blocked! ๐Ÿšซ
We reviewed all IBM Cloud's proprietary functions that had the 'security definer' flag (meaning they will run as superuser). One of these functions had a SQL Injection vulnerability that we were able to exploit:
Read 16 tweets

Related hashtags

#securitytips #PostgreSQL #IBMCloud #k8s #HellsKeychain #containers #cybersecurity

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!