mirror of
https://github.com/projectdiscovery/nuclei.git
synced 2026-01-31 15:53:10 +08:00
5d79201299
Make sure postgres Exec/ExecContext are invoked with the correct argument order, preventing context from being passed as the query. * fixing pg syntax * adding test
48 lines
1010 B
YAML
48 lines
1010 B
YAML
id: postgres-pass-brute
|
|
|
|
info:
|
|
name: PostgreSQL Password Bruteforce
|
|
author: pdteam
|
|
severity: high
|
|
description: |
|
|
This template bruteforces passwords for protected PostgreSQL instances.
|
|
If PostgreSQL is not protected with password, it is also matched.
|
|
metadata:
|
|
shodan-query: product:"PostgreSQL"
|
|
tags: js,network,postgresql,authentication
|
|
|
|
javascript:
|
|
- pre-condition: |
|
|
isPortOpen(Host,Port)
|
|
|
|
code: |
|
|
const postgres = require('nuclei/postgres');
|
|
const client = new postgres.PGClient;
|
|
success = client.Connect(Host, Port, User, Pass);
|
|
|
|
args:
|
|
Host: "{{Host}}"
|
|
Port: "5432"
|
|
User: "{{usernames}}"
|
|
Pass: "{{passwords}}"
|
|
|
|
attack: clusterbomb
|
|
payloads:
|
|
usernames:
|
|
- postgres
|
|
- admin
|
|
- root
|
|
passwords:
|
|
- ""
|
|
- postgres
|
|
- password
|
|
- admin
|
|
- root
|
|
stop-at-first-match: true
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- "success == true"
|
|
|