For the first edition of ZeroDay Cloud, the new kid among the hacking competitions, we had a look at multiple targets. PostgreSQL, one of the most-used database systems, was an interesting one: a plain C code base, with some parts being over 20 years old. We found an interesting bug, but it was not straightforward to exploit; it led us down a rabbit hole of UTF-8 mishandling and forced us to learn about the internals of PostgreSQL's custom allocator. After overcoming several roadblocks, we eventually managed to develop an exploit chain, turning SQL queries into a shell.
Paul Gerste is a vulnerability researcher at Sonar. He has a proven talent for finding security issues, demonstrated by his two successful Pwn2Own participations and discoveries in popular applications like PostgreSQL, Grafana, and Proton Mail. When Paul is not at work, he enjoys playing CTFs with team FluxFingers and organizing Hack.lu CTF.
Moritz is a security engineer by day and a hacker by night. He enjoys participating in all sorts of hacking challenges, from CTFs with team FluxFingers to competitions like Pwn2Own. He also engages in security research in non-competitive settings, reporting vulnerabilities in all kinds of software he pokes at.