Update

javascript/enumeration/pgsql/pgsql-version-detect.yaml

@@ -3,14 +3,14 @@ id: pgsql-version-detect
 info:
   name: Postgresql Version - Detect
   author: pussycat0x
-  severity: info
+  severity: high
   description: |
-    Postgresql has a flaw that allows the attacker to login with empty password.
+    Detect Postgresql Version.
   reference:
-    - https://www.tenable.com/plugins/nessus/104031
+    - https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/PostgreSQL%20Injection.md#postgresql-version
   metadata:
     shodan-query: product:"PostgreSQL"
-  tags: js,network,postgresql
+  tags: js,network,postgresql,enum,authenticated
 
 javascript:
   - code: |
@@ -25,17 +25,18 @@ javascript:
       User: "{{usernames}}"
       Pass: "{{password}}"
       Db: "{{database}}"
-#      Query: "\du"
 
     payloads:
       usernames:
         - postgres
-      database:
-        - postgres
+        - admin
       password:
         - postgres
-
-    attack: clusterbomb
+        -
+        - 123
+        - amber
+      database:
+        - postgres
 
     extractors:
       - type: json