Hey Im, trying to do this RCE too. I’m currently at the moment when py script lunches CREATE FUNCTION command, but it doesn’t work. I’m using SELECT lo_put instead of INSERT to upload shellcode to large objects. Can anyone give any hint? =)
Managed to figureout with help, something with my Python script
Someone who would like to drop a nudge?
I see the flaw but all my payloads are not working for some reasons 
DM me in case!
I’m in the same situation…managed to bypass most of the filter words (in lab), but I’m not able to find any substitute for the ;
The query does not seem to run without it…can anyone help me with this?
Looking also for help with the login part. Can enumerate all columns table, but have problem with the passwords column. i can’t get the full name of it, i got the first 5 characters tough. I’ve extracted usernames and emails. I would appreciate a hint or help for how to get the password column, i think i need the hash for generating the reset link.
I am facing same problems, seems like the password field is null… Lenght is giving back zero!
Where both email/username/first name works…
EDIT: NVM I got it!
can i dm you for a hint? still working on that password field.
1 Like