postgres-exporter-metrics: Postgres Exporter Metrics

漏洞描述

PoC代码[已公开]

id: postgres-exporter-metrics

info:
  name: Postgres Exporter Metrics
  author: DhiyaneshDk
  severity: low
  description: Postgres Exporter Metrics is exposed.
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"Postgres exporter"
  tags: postgres,exposure,debug,misconfig,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/metrics"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "postgres"
          - "# HELP"
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100e920e491262407362e07701eebc3a606c58f0696c43ad4210e6167efe056a647022100d2d50d9fa771827e82a807c95c07f78ddfaf33b7937f80039d78a7ddda0bf412:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• IDEMIA BIOMetrics 弱口令漏洞
• Appsmith postgres 代码执行漏洞（CVE-2024-55963）
• POC CVE-2022-0149: WooCommerce Stored Exporter WordPress Plugin < 2.7.1 - Cross-Site Scripting
• POC CVE-2023-50290: Apache Solr - Host Environment Variables Leak via Metrics API
• POC postgresql-audit-disabled: PostgreSQL Database Instances - SQL Auditing Disabled
• POC azure-postgresql-db-delete-unalerted: Azure PostgreSQL Database Delete Alert Not Configured
• POC azure-postgresql-db-update-unalerted: Azure PostgreSQL Database Create/Update Alert Not Configured
• POC azure-nsg-postgresql-unrestricted: Unrestricted PostgreSQL Database Access in Azure NSGs
• POC azure-postgres-allow-azure-services-disabled: Azure PostgreSQL Access From Azure Services Disabled
• POC azure-postgres-connection-throttling-disabled: Azure PostgreSQL Server Connection Throttling Disabled
• POC azure-postgres-double-encryption-disabled: Azure PostgreSQL Single Server Double Encryption Not Enabled
• POC azure-postgres-log-checkpoints-disabled: Azure PostgreSQL Flexible Server log_checkpoints Disabled
• POC azure-postgres-log-connections-disabled: Azure PostgreSQL Log Connections Not Enabled