Apache Pinot Insecurity
Check out my post on the Doyensec blog about hacking the database system Apache Pinot: Apache Pinot SQLi & RCE Cheat Sheet.
The main purpose is to discuss how, if you already have SQL injection, you can escalate it to Remote Code Execution.
I also dropped a 0-day bug about the insane behaviour of OPTION(a=b). In pathological cases this could lead to SQLi, but the risk is super low so I don't think it was too naughty. It will be really useful for fingerprinting though.
Additionally, Denial of Service bugs (ReDoS and a lack of any effective timeouts) are mentioned.
Note that there are no CVEs or advisories associated with any of these bugs.
Enjoy!