Postgresql Empty Password - Detect

ID: pgsql-empty-password

Severity: critical

Author: pussycat0x

Tags: js,network,postgresql,authenticated

Description

Postgresql has a flaw that allows the attacker to login with empty password.

YAML Source

id: pgsql-empty-password

info:
  name: Postgresql Empty Password - Detect
  author: pussycat0x
  severity: critical
  description: |
    Postgresql has a flaw that allows the attacker to login with empty password.
  reference:
    - https://www.tenable.com/plugins/nessus/104031
  metadata:
    verified: true
    max-request: 1
    shodan-query: "product:\"PostgreSQL\""
  tags: js,network,postgresql,authenticated

javascript:
  - pre-condition: |
      isPortOpen(Host,Port);
    code: |
      const postgres = require('nuclei/postgres');
      const client = new postgres.PGClient;
      const connected = client.Connect(Host, Port, User, Pass);
      connected;

    args:
      Host: "{{Host}}"
      Port: 5432
      User: "postgres"
      Pass: ""

    matchers:
      - type: dsl
        dsl:
          - "success == true"
          - "response == true"
        condition: and
# digest: 4b0a004830460221008bcd327b2e09ad0cffc66e7c15b273184a017bb5aa26940bc75dab5323064248022100d8a9067ef4b491eb968ba126221e26e341cd0fb3c6a6776a3d8c9a9997eb8763:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "javascript/misconfiguration/pgsql/pgsql-empty-password.yaml"

View on Github