Merge pull request #7564 from projectdiscovery/pussycat0x-patch-6
PostgreSQL - Unauthenticated Accesspatch-1
commit
3b374adffa
|
@ -0,0 +1,35 @@
|
|||
id: unauth-psql
|
||||
|
||||
info:
|
||||
name: PostgreSQL - Unauthenticated Access
|
||||
author: pussycat0x
|
||||
severity: high
|
||||
description: |
|
||||
Unauthenticated PostgreSQL Detected.
|
||||
reference:
|
||||
- https://www.postgresql.org/docs/9.6/auth-methods.html
|
||||
metadata:
|
||||
verified: "true"
|
||||
shodan-query: port:5432 product:"PostgreSQL"
|
||||
tags: network,postgresql,db,unauth
|
||||
|
||||
tcp:
|
||||
- inputs:
|
||||
- data: "00000054000300007573657200706f73746772657300646174616261736500706f737467726573006170706c69636174696f6e5f6e616d65007073716c00636c69656e745f656e636f64696e6700555446380000" # default database postgres
|
||||
type: hex
|
||||
read: 1024
|
||||
- data: "510000018e53454c45435420642e6461746e616d6520617320224e616d65222c0a2020202020202070675f636174616c6f672e70675f6765745f757365726279696428642e6461746462612920617320224f776e6572222c0a2020202020202070675f636174616c6f672e70675f656e636f64696e675f746f5f6368617228642e656e636f64696e67292061732022456e636f64696e67222c0a20202020202020642e646174636f6c6c6174652061732022436f6c6c617465222c0a20202020202020642e646174637479706520617320224374797065222c0a202020202020204e554c4c2061732022494355204c6f63616c65222c0a20202020202020276c6962632720415320224c6f63616c652050726f7669646572222c0a2020202020202070675f636174616c6f672e61727261795f746f5f737472696e6728642e64617461636c2c2045275c6e272920415320224163636573732070726976696c65676573220a46524f4d2070675f636174616c6f672e70675f646174616261736520640a4f5244455220425920313b00"
|
||||
type: hex
|
||||
read: 1024
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:5432"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: raw
|
||||
words:
|
||||
- "Access privileges"
|
||||
- "Locale Provider"
|
||||
- "Owner"
|
||||
condition: and
|
Loading…
Reference in New Issue