## https://sploitus.com/exploit?id=53C2CAF7-EEAD-5529-8250-EACEA16708FA
# CVE-2025-1094
- This content is for educational purposes only. Use it for reference only and do not bother the authorities.
## Vulnerability Details
- **CVE ID**: CVE-2025-1094
- **Vulnerable System**: PostgreSQL (misconfigured functions)
- **Exploit Path**: SQL Injection → WebSocket Hijacking → Remote Code Execution (RCE)
## How It Works
1. **SQL Injection (SQLi)**: The attack begins with injecting malicious SQL commands into a vulnerable PostgreSQL endpoint. The payload uses `lo_export` to read sensitive files from the server.
2. **WebSocket Hijacking**: The attacker hijacks an open WebSocket connection and sends a payload to execute the RCE. This triggers a reverse shell connection back to the attacker’s system.
3. **Remote Code Execution (RCE)**: The reverse shell provides the attacker full control over the server, allowing further exploitation.
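A defender-side check for step 1, added here as an example that is not part of the original PoC: it scans PostgreSQL statement logs for calls to the server-side large-object file functions (`lo_export`, plus its counterpart `lo_import`). It assumes `log_statement = 'all'` with the default `log_line_prefix` of `'%m [%p] '`; the log lines and the names `scan` and `SAMPLE_LOG` are constructed for illustration.

```python
import re

# Server-side large-object functions that touch the database host's filesystem.
LO_FUNCS = re.compile(r"\b(lo_export|lo_import)\s*\(", re.IGNORECASE)
# String literals and comments, consumed left to right so that a quote inside a
# comment (or "--" inside a literal) is not misread. Dollar-quoted strings and
# nested comments are not handled.
NOISE = re.compile(r"'(?:[^']|'')*'|/\*.*?\*/|--[^\n]*", re.DOTALL)
# Assumed prefix: log_line_prefix = '%m [%p] ' with log_statement = 'all'.
LOG_LINE = re.compile(
    r"^(?P<ts>\S+ \S+ \S+) \[(?P<pid>\d+)\] "
    r"(?:LOG:\s+statement:|STATEMENT:)\s+(?P<sql>.*)$"
)

# Constructed sample log, not taken from a real server.
SAMPLE_LOG = """\
2025-02-20 10:15:31.902 UTC [4121] LOG:  statement: SELECT id, name FROM items WHERE id = 7
2025-02-20 10:15:32.118 UTC [4121] LOG:  statement: SELECT lo_export(16403, '/tmp/out.bin')
2025-02-20 10:15:33.450 UTC [4130] LOG:  statement: SELECT note FROM docs WHERE note = 'see lo_export(oid, path)'
2025-02-20 10:15:34.007 UTC [4131] ERROR:  permission denied for function lo_import
2025-02-20 10:15:34.007 UTC [4131] STATEMENT:  SELECT LO_IMPORT/**/('/etc/hostname')
"""


def scan(lines):
    """Return (pid, function, statement) for each logged large-object file call."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # ERROR text, continuation lines, other messages
        # Blank literals and comments first: a name inside a string is not a
        # call, and "lo_export/**/(" must still be seen as one.
        call = LO_FUNCS.search(NOISE.sub(" ", m["sql"]))
        if call:
            hits.append((m["pid"], call.group(1).lower(), m["sql"]))
    return hits


if __name__ == "__main__":
    for pid, func, sql in scan(SAMPLE_LOG.splitlines()):
        print(f"pid={pid} func={func} sql={sql}")
```

A hit is a lead for review rather than proof of compromise, since maintenance jobs may call these functions legitimately.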
## Env
- **JDK**: 22
## Modify to run PoC
- `REVERSE_IP`: The attacker's IP address
- `REVERSE_PORT`: The port on which your listener is running
- `TARGET_URL`: The vulnerable endpoint to attack
- `WEBSOCKET_URL`: The WebSocket URL to hijack