Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add postgres-default-logins #1

Merged
merged 2 commits into from
Mar 23, 2025
Merged

Add postgres-default-logins #1

merged 2 commits into from
Mar 23, 2025

Conversation

riteshs4hu
Copy link
Contributor

  • Added postgres-default-logins template for detecting default PostgreSQL credentials.

@DhiyaneshGeek DhiyaneshGeek self-assigned this Mar 23, 2025
@DhiyaneshGeek DhiyaneshGeek added Done Initial Review Completed Good First Issue First Time Contributor labels Mar 23, 2025
@DhiyaneshGeek
Copy link
Member

Validated Locally

nuclei -u 0.0.0.0 -id postgres-default-logins -debug -vv

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.3.10

		projectdiscovery.io

[INF] Current nuclei version: v3.3.10 (latest)
[INF] Current nuclei-templates version: v10.1.5 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 281
[INF] Templates loaded for current scan: 1
[INF] Executing 1 signed templates from projectdiscovery/nuclei-templates
[INF] Targets loaded for current scan: 1
[postgres-default-logins] Postgres - Default Logins (@ice3man) [high]
[DBG]  [postgres-default-logins] Javascript Code:

	var m = require("nuclei/postgres");
	var c = m.PGClient();
	c.Connect(Host, Port, User, Pass);

[DBG] [postgres-default-logins] Dumped Javascript response for 0.0.0.0:5432:
map[string]interface {}:2 {
  "response": "true",
  "success": "true",
} address=0.0.0.0:5432
[DBG] [postgres-default-logins] Dumped Javascript response for 0.0.0.0:5432:
map[string]interface {}:2 {
  "success": "true",
  "response": "true",
} address=0.0.0.0:5432
[postgres-default-logins:dsl-1] [javascript] [high] 0.0.0.0:5432 [passwords="admin",usernames="postgres"]
[postgres-default-logins:dsl-1] [javascript] [high] 0.0.0.0:5432 [passwords="password",usernames="postgres"]
[DBG] [postgres-default-logins] Dumped Javascript response for 0.0.0.0:5432:
map[string]interface {}:2 {
  "response": "true",
  "success": "true",
} address=0.0.0.0:5432
[postgres-default-logins:dsl-1] [javascript] [high] 0.0.0.0:5432 [passwords="postgres",usernames="postgres"]
[DBG] [postgres-default-logins] Dumped Javascript response for 0.0.0.0:5432:
map[string]interface {}:2 {
  "success": "true",
  "response": "true",
} address=0.0.0.0:5432
[postgres-default-logins:dsl-1] [javascript] [high] 0.0.0.0:5432 [passwords="secret",usernames="postgres"]

@DhiyaneshGeek
Copy link
Member

Hi @riteshs4hu,

Thank you so much for sharing the vulnerable setup, detailed instructions, and a clear explanation! 🍻

Your contribution makes it easier for the community to test and understand the vulnerability effectively. You can grab some cool PD stickers here: http://nux.gg/stickers 😄

Looking forward to more awesome contributions from you! 🚀

@ritikchaddha ritikchaddha merged commit e25ea05 into projectdiscovery:main Mar 23, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ritikchaddha ritikchaddha ritikchaddha approved these changes

Assignees

@DhiyaneshGeek DhiyaneshGeek

Labels
Done Initial Review Completed Good First Issue First Time Contributor
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@riteshs4hu @DhiyaneshGeek @ritikchaddha