Exploit for CVE-2025-1094
Description

CVE-2025-1094: SQL Injection to RCE via WebSocket 🚀

This repository contains a proof of concept (PoC) exploit for CVE-2025-1094, a vulnerability in PostgreSQL that allows an SQL Injection (SQLi) attack to escalate to Remote Code Execution (RCE) through WebSocket hijacking.

Overview

This exploit leverages an SQL Injection vulnerability in PostgreSQL to inject malicious code that reads sensitive files, such as /etc/passwd, and stores them on the vulnerable server. The exploit then hijacks an active WebSocket connection to execute arbitrary commands, ultimately achieving a remote shell on the compromised server.

Vulnerability Details

CVE ID: CVE-2025-1094
Vulnerable System: PostgreSQL (misconfigured functions)
Exploit Path: SQL Injection → WebSocket Hijacking → Remote Code Execution (RCE)

How It Works

1. SQL Injection (SQLi): The attack begins with injecting malicious SQL commands into a vulnerable PostgreSQL endpoint. The payload uses lo_export to read sensitive files from the server.
2. WebSocket Hijacking: The attacker hijacks an open WebSocket connection and sends a payload to execute the RCE. This triggers a reverse shell connection back to the attacker's system.
3. Remote Code Execution (RCE): The reverse shell provides the attacker full control over the server, allowing further exploitation.

PoC (Proof of Concept)

```sql
SELECT lo_export(
  (SELECT convert_from(pg_read_file('/etc/passwd'), 'UTF8')),
  '/tmp/payload');
```

The above SQL payload reads the /etc/passwd file and saves…
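As an added defender-side example (not code from the PoC repository), the following SQL audits whether the role an application connects with can reach the server-side file and large-object functions the payload above depends on, and then removes that access; the role name app_user is an assumption, so substitute your own.

```sql
-- Added audit/hardening example; not part of the PoC repository.
-- Assumption: the web application connects to PostgreSQL as the role "app_user".

-- Superusers bypass every privilege check, so first confirm the role is not one.
SELECT rolname, rolsuper
FROM pg_roles
WHERE rolname = 'app_user';

-- Can app_user execute any of the server-side file / large-object functions
-- used by the payload? has_function_privilege() accounts for grants to PUBLIC
-- and for privileges inherited through role membership.
SELECT p.oid::regprocedure                                   AS function_signature,
       has_function_privilege('app_user', p.oid, 'EXECUTE') AS app_user_can_execute
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE n.nspname = 'pg_catalog'
  AND p.proname IN ('pg_read_file', 'pg_read_binary_file', 'pg_ls_dir',
                    'lo_import', 'lo_export')
ORDER BY p.proname;

-- Membership in the predefined file-access roles grants server-side file
-- reads/writes and COPY ... PROGRAM regardless of the per-function ACLs.
SELECT pg_has_role('app_user', 'pg_read_server_files', 'MEMBER')      AS can_read_server_files,
       pg_has_role('app_user', 'pg_write_server_files', 'MEMBER')     AS can_write_server_files,
       pg_has_role('app_user', 'pg_execute_server_program', 'MEMBER') AS can_run_server_programs;

-- Mitigation: take the file/large-object functions away from the role and from
-- PUBLIC (a no-op on releases where initdb already revoked them), and drop the
-- predefined file-access roles from the application role.
REVOKE EXECUTE ON FUNCTION pg_catalog.pg_read_file(text)   FROM PUBLIC, app_user;
REVOKE EXECUTE ON FUNCTION pg_catalog.lo_import(text)      FROM PUBLIC, app_user;
REVOKE EXECUTE ON FUNCTION pg_catalog.lo_export(oid, text) FROM PUBLIC, app_user;
REVOKE pg_read_server_files, pg_write_server_files, pg_execute_server_program
  FROM app_user;
```

Run the audit queries again afterwards; every app_user_can_execute and can_* column should read false for a least-privilege application role.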
