JS - pgsql

javascript/enumeration/pgsql/pgsql-version-detect.yaml

@@ -0,0 +1,43 @@
+id: pgsql-version-detect
+
+info:
+  name: Postgresql Version - Detect
+  author: pussycat0x
+  severity: info
+  description: |
+    Postgresql has a flaw that allows the attacker to login with empty password.
+  reference:
+    - https://www.tenable.com/plugins/nessus/104031
+  metadata:
+    shodan-query: product:"PostgreSQL"
+  tags: js,network,postgresql
+
+javascript:
+  - code: |
+      const postgres = require('nuclei/postgres');
+      const client = new postgres.PGClient;
+      connected =  client.ExecuteQuery(Host, Port, User, Pass, Db, "select version();");
+      Export(connected);
+
+    args:
+      Host: "{{Host}}"
+      Port: 5432
+      User: "{{usernames}}"
+      Pass: "{{password}}"
+      Db: "{{database}}"
+#      Query: "\du"
+
+    payloads:
+      usernames:
+        - postgres
+      database:
+        - postgres
+      password:
+        - postgres
+
+    attack: clusterbomb
+
+    extractors:
+      - type: json
+        json:
+          - '.Rows[0].version'