Skip to content
Nuclei Templates

PostgreSQL Authentication - Detect

ID: pgsql-detect

Severity: info

Author: nybble04,geeknik

Tags: network,postgresql,db,detect,detection,tcp

Description

Section titled “Description”

PostgreSQL authentication error messages which could reveal information useful in formulating further attacks were detected.

YAML Source

Section titled “YAML Source”
id: pgsql-detect


info:
  name: PostgreSQL Authentication - Detect
  author: nybble04,geeknik
  severity: info
  description: |
    PostgreSQL authentication error messages which could reveal information useful in formulating further attacks were detected.
  reference:
    - https://www.postgresql.org/docs/current/errcodes-appendix.html
    - https://www.postgresql.org/docs/current/client-authentication-problems.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cwe-id: CWE-200
  metadata:
    verified: true
    max-request: 1
    shodan-query: port:5432 product:"PostgreSQL"
  tags: network,postgresql,db,detect,detection,tcp
tcp:
  - inputs:
      - data: "000000500003000075736572006e75636c6569006461746162617365006e75636c6569006170706c69636174696f6e5f6e616d65007073716c00636c69656e745f656e636f64696e6700555446380000"
        type: hex
      - data: "7000000036534352414d2d5348412d32353600000000206e2c2c6e3d2c723d000000000000000000000000000000000000000000000000"
        type: hex


    host:
      - "{{Hostname}}"
    port: 5432
    read-size: 2048


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "C0A000"                  # Error code for unsupported frontend protocol
          - "C08P01"                  # Error code for invalide startup packet layout
          - "28000"                   # Error code for invalid_authorization_specification
          - "28P01"                   # Error code for invalid_password
          - "SCRAM-SHA-256"           # Authentication prompt
          - "pg_hba.conf"             # Client authentication config file
          - "user \"nuclei\""         # The user nuclei (sent in request) doesn't exist
          - "database \"nuclei\""     # The db nuclei (sent in request) doesn't exist"
        condition: or


      - type: word
        words:
          - "HTTP/1.1"
        negative: true
# digest: 490a00463044022019501739047aa308dddc3d761a8fceb9db755f32b43d4c10c1f564e9d49f00d802207fa65fe670e21dfa0116069129b761b0b93c3c1ea9efb086295afc0683f9fd00:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "network/detection/pgsql-detect.yaml"

View on Github