漏洞描述
Exposed PostgreSQL history files (.psql_history) were detected. These files contain a record of executed SQL commands and may disclose sensitive information like passwords, database schemas, and query logic.
postgres-history-exposure: PostgreSQL History - Exposure
PoC代码[已公开]
id: postgres-history-exposure
info:
name: PostgreSQL History - Exposure
author: theamanrawat,0x_Akoko
severity: low
description: |
Exposed PostgreSQL history files (.psql_history) were detected. These files contain a record of executed SQL commands and may disclose sensitive information like passwords, database schemas, and query logic.
reference:
- https://www.postgresql.org/docs/current/app-psql.html#APP-PSQL-FILES
metadata:
verified: true
max-requests: 3
tags: postgres,exposure,config,history,database
http:
- method: GET
path:
- "{{BaseURL}}/.psql_history"
- "{{BaseURL}}/psql_history"
- "{{BaseURL}}/.postgresql_history"
stop-at-first-match: true
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- '!contains(content_type, "text/html")'
- 'contains_all(to_lower(body), "select", "from", "where")'
- 'contains_any(body, "select * from", "SELECT * FROM", "insert into", "INSERT INTO", "update ", "UPDATE ")'
- 'regex("(?m)^\\\\(q|h|\\?|g|d|dt|du|l|c|connect|copy)", body)'
condition: and
# digest: 4a0a004730450221008f34acec346e672966a9bbf243e6c332ae3f57a377d2daacc0e11cd88519d45f022030eb25a9dfc735fca15469184f752320ee8f1b20527656dc0e7536599403c4ed:922c64590222798bb761d5b6d8e72950