漏洞描述
Unauthenticated PostgreSQL Detected.
unauth-psql: PostgreSQL - Unauthenticated Access
PoC代码[已公开]
id: unauth-psql
info:
name: PostgreSQL - Unauthenticated Access
author: pussycat0x
severity: high
description: |
Unauthenticated PostgreSQL Detected.
reference:
- https://www.postgresql.org/docs/9.6/auth-methods.html
metadata:
verified: "true"
max-request: 1
shodan-query: port:5432 product:"PostgreSQL"
tags: network,postgresql,db,unauth,misconfig,tcp,vuln
tcp:
- inputs:
- data: "00000054000300007573657200706f73746772657300646174616261736500706f737467726573006170706c69636174696f6e5f6e616d65007073716c00636c69656e745f656e636f64696e6700555446380000" # default database postgres
type: hex
read: 1024
- data: "510000018e53454c45435420642e6461746e616d6520617320224e616d65222c0a2020202020202070675f636174616c6f672e70675f6765745f757365726279696428642e6461746462612920617320224f776e6572222c0a2020202020202070675f636174616c6f672e70675f656e636f64696e675f746f5f6368617228642e656e636f64696e67292061732022456e636f64696e67222c0a20202020202020642e646174636f6c6c6174652061732022436f6c6c617465222c0a20202020202020642e646174637479706520617320224374797065222c0a202020202020204e554c4c2061732022494355204c6f63616c65222c0a20202020202020276c6962632720415320224c6f63616c652050726f7669646572222c0a2020202020202070675f636174616c6f672e61727261795f746f5f737472696e6728642e64617461636c2c2045275c6e272920415320224163636573732070726976696c65676573220a46524f4d2070675f636174616c6f672e70675f646174616261736520640a4f5244455220425920313b00"
type: hex
read: 1024
host:
- "{{Hostname}}"
port: 5432
matchers-condition: and
matchers:
- type: word
part: raw
words:
- "Access privileges"
- "Locale Provider"
- "Owner"
condition: and
- type: word
part: raw
words:
- "FTP"
- "HTTP"
- "500"
condition: or
negative: true
# digest: 490a00463044022029543cd2df44165e8ad12665c07c2a0b226816ede997e2250dc1bf67bc50656b0220318c0d814078b029f380e3e67a00328befceb8cdc316524aa7315a3544d508e6:922c64590222798bb761d5b6d8e72950