JS - pgsql

javascript/enumeration/pgsql/postgresql-empty-password.yaml

@@ -0,0 +1,33 @@
+id: postgresql-empty-password
+
+info:
+  name: Postgresql Empty Password - Detect
+  author: pussycat0x
+  severity: high
+  description: |
+    Postgresql has a flaw that allows the attacker to login with empty password.
+  reference:
+    - https://www.tenable.com/plugins/nessus/104031
+  metadata:
+    shodan-query: product:"PostgreSQL"
+  tags: js,network,postgresql
+
+javascript:
+  - code: |
+      const postgres = require('nuclei/postgres');
+      const client = new postgres.PGClient;
+      const connected = client.Connect(Host, Port, User, Pass);
+      connected;
+
+    args:
+      Host: "{{Host}}"
+      Port: 5432
+      User: "postgres"
+      Pass: "postgres"
+
+    matchers:
+      - type: dsl
+        dsl:
+          - "success == true"
+          - "response == true"
+        condition: and