You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
According to the prestodb introduction: Presto is a distributed SQL query engine designed to query large data sets distributed over one or more heterogeneous data sources.
from my tests on an exposed prestodb UI, attackers can execute arbitrary SQL queries in an exposed prestodb UI. I couldn't find a way to execute an os-level command, but performing a generic SQL query is easy.
According to the prestodb introduction: Presto is a distributed SQL query engine designed to query large data sets distributed over one or more heterogeneous data sources.
from my tests on an exposed prestodb UI, attackers can execute arbitrary SQL queries in an exposed prestodb UI. I couldn't find a way to execute an os-level command, but performing a generic SQL query is easy.
we can run an instance quickly with docker: https://hub.docker.com/r/prestodb/presto
documentation: http://prestodb.io/docs/0.286/overview.html
The text was updated successfully, but these errors were encountered: