Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Kiwi TCMS Information Disclosure

By kannthu

Vidoc logoVidoc Module

What is the "Kiwi TCMS Information Disclosure?"

The "Kiwi TCMS Information Disclosure" module is designed to detect a specific vulnerability in the Kiwi TCMS software. This vulnerability allows for the exposure of sensitive information due to a misconfiguration. The severity of this vulnerability is classified as high.


If exploited, the "Kiwi TCMS Information Disclosure" vulnerability can result in the unauthorized disclosure of sensitive information. This can include usernames, as well as other data related to active users of the Kiwi TCMS software.

How the module works?

The "Kiwi TCMS Information Disclosure" module works by sending a specific HTTP request to the target system. The request is designed to exploit the misconfiguration in the Kiwi TCMS software and retrieve sensitive information. The module uses the following matching conditions to determine if the vulnerability is present:

- The HTTP response status must be 200. - The response body must contain the words "result", "username", "jsonrpc", and "is_active".

By analyzing the response based on these conditions, the module can determine if the vulnerability exists and report it accordingly.

Example HTTP request:

POST /json-rpc/ HTTP/1.1
Host: <Hostname>
Content-Type: application/json
Accept-Encoding: gzip, deflate

  "jsonrpc": "2.0",
  "method": "User.filter",
  "id": 1,
  "params": {
    "query": {
      "is_active": true

It is important to note that this module is specifically designed to detect the "Kiwi TCMS Information Disclosure" vulnerability and may not be applicable to other software or systems.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
status: 200and
word: result, username, jsonrpc, is_active
Passive global matcher
No matching conditions.
On match action
Report vulnerability