DBeaver Database Connections

By kannthu

Informative
Vidoc Module
#dbeaver #files #exposure
Description

What is the "DBeaver Database Connections" module?

The "DBeaver Database Connections" module is designed to detect misconfigurations in the DBeaver database management software. DBeaver is a popular open-source tool used for managing and manipulating databases. This module focuses on identifying potential vulnerabilities or misconfigurations related to database connections.

This module has an informative severity level, which means it provides valuable information without indicating a critical security issue.

Author: geeknik

Impact

This module aims to identify potential misconfigurations or vulnerabilities in the DBeaver database connections. If any issues are detected, it could indicate insecure or improperly configured connections, which may lead to unauthorized access or data exposure.

How does the module work?

The "DBeaver Database Connections" module utilizes HTTP request templates and matching conditions to perform its scanning. It sends a GET request to the "/.dbeaver/data-sources.json" endpoint and applies specific matchers to identify potential misconfigurations.

Matching conditions:

- The response body must contain the following words: `"folders": {`, `"connection-types": {`, and `"connections": {`.
- The response status code must be 200.

If both matching conditions are met, the module will report a potential vulnerability or misconfiguration related to DBeaver database connections.
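A pre-deployment check built from the path and matchers described above, as an added example that is not part of the Vidoc module or the original page. It walks a local directory that a web server publishes and also reports copies in subdirectories, which goes beyond the single root path the module requests. The function names, the sample file contents and the assumption that a static file server answers 200 for an existing file are constructed for illustration.

```python
import json
import os
import tempfile

# Words and file location taken from the module description above.
WORDS = ('"folders": {', '"connection-types": {', '"connections": {')
DIR_NAME, FILE_NAME = ".dbeaver", "data-sources.json"


def module_would_match(status: int, body: str) -> bool:
    """Both matchers: status 200 and every word present in the body."""
    return status == 200 and all(word in body for word in WORDS)


def audit_web_root(root: str) -> list:
    """List DBeaver connection files under a directory that is served over HTTP."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) != DIR_NAME or FILE_NAME not in files:
            continue
        path = os.path.join(dirpath, FILE_NAME)
        with open(path, encoding="utf-8", errors="replace") as fh:
            body = fh.read()
        try:
            connections = sorted(json.loads(body).get("connections", {}))
        except (ValueError, AttributeError, TypeError):
            connections = []  # unparsable file: still report that it is published
        findings.append({
            "url_path": "/" + os.path.relpath(path, root).replace(os.sep, "/"),
            # Assumption: a static file server answers 200 for a file that exists.
            "module_match": module_would_match(200, body),
            "connections": connections,
        })
    return sorted(findings, key=lambda f: f["url_path"])


def demo() -> list:
    """Build a constructed web root holding one sample file and audit it."""
    sample = {"folders": {}, "connections": {"sample-conn-1": {"name": "constructed"}},
              "connection-types": {"dev": {}}}
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, DIR_NAME))
        with open(os.path.join(root, DIR_NAME, FILE_NAME), "w", encoding="utf-8") as fh:
            json.dump(sample, fh, indent=2)
        return audit_web_root(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A file reported with `module_match` set to false is still published; the word matchers depend on the exact spacing after each key, so a compactly serialized copy would not trigger the module.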

Reference: https://dbeaver.com/docs/wiki/Admin-Manage-Connections/

Metadata: verified: true

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /.dbeaver/data-sourc...
Matching conditions
word: "folders": {, "connection-types": {, "co...and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability