This article is intended to help pentesters apply their familiarity with classic database systems such as Postgres and MariaDB to Apache Pinot. In this post, we will show how a classic SQL-injection (SQLi) bug in a Pinot-backed API can be escalated to Remote Code Execution (RCE), and then discuss post-exploitation.
Research is one of our founding principles and we invest in it heavily. All of our researchers have the privilege to use 25% of their time, or one week every month, exclusively for self-directed research. We aim to provide research-driven application security, enabling trust in our clients' products and evolving the resilience of the digital ecosystem. By discovering new vulnerabilities and attack techniques, we are constantly improving our capabilities and contributing to the security of the digital world.