Merge pull request #7564 from projectdiscovery/pussycat0x-patch-6

PostgreSQL - Unauthenticated Access
patch-1
Dhiyaneshwaran 2023-07-01 19:08:04 +05:30 committed by GitHub
commit 3b374adffa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 35 additions and 0 deletions

View File

@ -0,0 +1,35 @@
id: unauth-psql
info:
name: PostgreSQL - Unauthenticated Access
author: pussycat0x
severity: high
description: |
Unauthenticated PostgreSQL Detected.
reference:
- https://www.postgresql.org/docs/9.6/auth-methods.html
metadata:
verified: "true"
shodan-query: port:5432 product:"PostgreSQL"
tags: network,postgresql,db,unauth
tcp:
- inputs:
- data: "00000054000300007573657200706f73746772657300646174616261736500706f737467726573006170706c69636174696f6e5f6e616d65007073716c00636c69656e745f656e636f64696e6700555446380000" # default database postgres
type: hex
read: 1024
- data: "510000018e53454c45435420642e6461746e616d6520617320224e616d65222c0a2020202020202070675f636174616c6f672e70675f6765745f757365726279696428642e6461746462612920617320224f776e6572222c0a2020202020202070675f636174616c6f672e70675f656e636f64696e675f746f5f6368617228642e656e636f64696e67292061732022456e636f64696e67222c0a20202020202020642e646174636f6c6c6174652061732022436f6c6c617465222c0a20202020202020642e646174637479706520617320224374797065222c0a202020202020204e554c4c2061732022494355204c6f63616c65222c0a20202020202020276c6962632720415320224c6f63616c652050726f7669646572222c0a2020202020202070675f636174616c6f672e61727261795f746f5f737472696e6728642e64617461636c2c2045275c6e272920415320224163636573732070726976696c65676573220a46524f4d2070675f636174616c6f672e70675f646174616261736520640a4f5244455220425920313b00"
type: hex
read: 1024
host:
- "{{Hostname}}"
- "{{Host}}:5432"
matchers:
- type: word
part: raw
words:
- "Access privileges"
- "Locale Provider"
- "Owner"
condition: and