By kannthu
The "Fanruan Report 2012 Information Disclosure" module is designed to detect an information disclosure vulnerability in the Fanruan Report 2012 software. This vulnerability allows an attacker to access sensitive information by exploiting a specific URL. The severity of this vulnerability is classified as high.
This module was authored by YanYun.
If successfully exploited, the information disclosure vulnerability in Fanruan Report 2012 can lead to the exposure of sensitive data. This can include details such as connection information, including the connection name, driver, password, URL, and user credentials.
The "Fanruan Report 2012 Information Disclosure" module works by sending HTTP requests to specific endpoints in the Fanruan Report 2012 software. It then applies a set of matching conditions to determine if the vulnerability is present.
One example of an HTTP request used by this module is:
GET /ReportServer?op=fr_server&cmd=sc_getconnectioninfo
The module applies the following matching conditions:
- The response status must be 200.
- The response body must contain the following keywords: "connection", "name", "driver", "password", "url", and "user".
- The response headers must include the "application/json" content type.

If all of these conditions are met, the module identifies the presence of the information disclosure vulnerability in Fanruan Report 2012.
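The three conditions combine as a logical AND, which is what keeps an HTML login page or an error response from being flagged. The sketch below is an added example, not the module's own code: it evaluates already-captured responses offline and reports which condition failed. The `Response` class, the `evaluate` function, the case-sensitive keyword comparison, and the sample response bodies are assumptions made for illustration.

```python
"""Offline evaluation of the three matching conditions (added example)."""
from dataclasses import dataclass, field

# Keywords the page says must all appear in the response body.
KEYWORDS = ("connection", "name", "driver", "password", "url", "user")


@dataclass
class Response:
    """A captured HTTP response; the field names are this example's own."""
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def evaluate(resp):
    """Return (matched, failures); all three conditions must hold (AND)."""
    failures = []
    if resp.status != 200:
        failures.append(f"status is {resp.status}, expected 200")
    # Assumption: keywords are compared case-sensitively, as written.
    missing = [k for k in KEYWORDS if k not in resp.body]
    if missing:
        failures.append("body lacks keywords: " + ", ".join(missing))
    # Header names are case-insensitive; the value may carry a charset suffix.
    headers = {k.lower(): v.lower() for k, v in resp.headers.items()}
    if "application/json" not in headers.get("content-type", ""):
        failures.append("Content-Type is not application/json")
    return (not failures, failures)


# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "exposed": Response(200, {"Content-Type": "application/json;charset=UTF-8"},
        '[{"connection":{"name":"db1","driver":"<driver>","password":"<redacted>",'
        '"url":"<jdbc-url>","user":"<user>"}}]'),
    "login_page": Response(200, {"Content-Type": "text/html"},
        "<html>user name and password</html>"),
    "blocked": Response(403, {"content-type": "application/json"},
        '{"error":"forbidden"}'),
}

if __name__ == "__main__":
    for label, resp in SAMPLES.items():
        matched, failures = evaluate(resp)
        print(label, "MATCH" if matched else "no match", failures)
```

The failure list is useful when triaging a scan result: a response that passes only the keyword check, such as a login page mentioning "user" and "password", is not a finding.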