Detects the exposure of PostgreSQL credentials and history files (.pgpass) via HTTP. These files may contain plaintext database usernames and passwords, and their leakage could allow unauthorized access to sensitive databases or internal infrastructure.
PoC代码[已公开]
id: postgres-credentials-exposure
info:
name: PostgreSQL Credentials - Exposure
author: theamanrawat
severity: high
description: |
Detects the exposure of PostgreSQL credentials and history files (.pgpass) via HTTP. These files may contain plaintext database usernames and passwords, and their leakage could allow unauthorized access to sensitive databases or internal infrastructure.
reference:
- https://www.postgresql.org/docs/current/libpq-pgpass.html
- https://cheatsheetseries.owasp.org/cheatsheets/Database_Security_Cheat_Sheet.html#postgresql
tags: exposure,config,postgres,database
http:
- method: GET
path:
- "{{BaseURL}}/.pgpass"
matchers-condition: and
matchers:
- type: regex
name: pgpass
regex:
- "([a-zA-Z0-9.-]+):5432:([a-zA-Z0-9_*-]+):([a-zA-Z0-9_-]+):(.+)"
- type: status
status:
- 200
# digest: 490a0046304402207a98d543aa829b78032c9393ab38f737652f01a6768aaa64f069efcdaa26f93802200569dd8b5446e2fb31def5aa240668a98c4ddfb4794875bedf80f17470017aec:922c64590222798bb761d5b6d8e72950