CVE-2022-21724: JDBC RCE PostgreSQL
This challenge covers how to gain code execution by leveraging a JDBC connection string with PostgreSQL.
In this exercise, you will learn how to exploit a known serialization vulnerability in the Java PostgreSQL connector, specifically version 9.4.1208. This issue involves unchecked class instantiation when providing plugin classes, as detailed in the advisory on GitHub. The exploitation process involves using a JDBC URL to connect to a PostgreSQL database and leveraging an option in the JDBC driver to specify a class that allows code execution.
By exploiting a call to ClassPathXmlApplicationContext(), you can execute arbitrary code. The video walkthrough demonstrates the steps to craft an exploit using this method, including setting up a vulnerable URL, creating an exploit.xml file, and running a simple web server to host the exploit. The exercise concludes with running the crafted exploit to achieve command execution, thereby solving the challenge.
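The defensive counterpart to the scenario above, added here and not part of the challenge or of the pgjdbc driver: a Python check that an application can run on a PostgreSQL JDBC URL received from an untrusted source before handing it to the driver. It keeps only connection parameters on a constructed allowlist (an assumption for this example), so a parameter that tells the driver which class to instantiate is refused rather than passed through; the sample URLs are constructed.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed allowlist (assumption): parameters the application is willing
# to accept from a caller. It deliberately contains no parameter whose value
# is a class name, so nothing in the URL can select a class for the driver
# to load. Compared case-insensitively.
SAFE_PARAMS = {
    "user", "password", "ssl", "sslmode", "sslrootcert",
    "applicationname", "connecttimeout", "sockettimeout",
    "currentschema", "readonly",
}

PREFIX = "jdbc:postgresql://"


def check_pg_jdbc_url(url: str) -> list[str]:
    """Return the reasons to reject this JDBC URL; an empty list means OK."""
    if not url.startswith(PREFIX):
        return ["not a jdbc:postgresql:// URL"]

    # Strip the 'jdbc:' part so the remainder parses as an ordinary URL;
    # only the query string is inspected, host/port syntax is left to the driver.
    parts = urlsplit(url[len("jdbc:"):])
    problems = []
    for key, _value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() not in SAFE_PARAMS:
            problems.append(f"parameter not allowed: {key}")
    return problems


def is_acceptable(url: str) -> bool:
    """Convenience wrapper: True only when no problem was found."""
    return check_pg_jdbc_url(url) == []


if __name__ == "__main__":
    # Constructed sample URLs.
    for sample in (
        "jdbc:postgresql://db.internal:5432/app?user=app&sslmode=require",
        "jdbc:postgresql://db.internal:5432/app?user=app&somePluginClass=com.example.Loaded",
    ):
        print(sample, "->", check_pg_jdbc_url(sample) or "OK")
```

Upgrading pgjdbc to a release that carries the fix from the advisory remains the actual remediation; this check only keeps untrusted input from selecting driver plugin classes in the meantime.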