
qdPM 9.2 - DB Credentials Exposure

By kannthu

High
Vidoc Module
#qdpm#exposure#edb
Description

What is "qdPM 9.2 - DB Credentials Exposure"?

The "qdPM 9.2 - DB Credentials Exposure" module is designed to detect a vulnerability in the qdPM 9.2 software. This vulnerability allows unauthorized access to the database credentials, potentially exposing sensitive information. The severity of this vulnerability is classified as high.

This module was authored by gy741.

Impact

If exploited, this vulnerability could lead to unauthorized access to the database credentials of the qdPM 9.2 software. This could result in the exposure of sensitive information, such as usernames and passwords, which could be used for further malicious activities.

How does the module work?

The "qdPM 9.2 - DB Credentials Exposure" module works by sending an HTTP GET request to the "/core/config/databases.yml" path of the target system. It then matches the response body for specific keywords, such as "dsn:", "username:", and "password:". Additionally, it verifies that the response status is 200.

By analyzing the response, the module can determine if the database credentials are exposed in the configuration file. If a match is found, the module reports the vulnerability.

Example HTTP request:

GET /core/config/databases.yml

The module matches the following conditions:

- The response body contains the keywords "dsn:", "username:", and "password:"
- The response status is 200

If both conditions are met, the module identifies the vulnerability and triggers the specified action, which in this case is reporting the vulnerability.
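As an added example (not the Vidoc module's own code), the matching logic described above can be re-implemented in a few lines of Python so that an operator can evaluate it against an HTTP response. The path, the three keywords, the AND combination and the 200 status requirement come from the module description; the sample response body, the `redact_secrets` helper and the optional `fetch` function for checking your own deployment are assumptions added here.

```python
"""Re-implementation of the matcher described on this page (illustration only,
not the Vidoc module's code).  Path, keywords and status come from the module
description; the sample body and helper functions are constructed here."""
import re
import urllib.error
import urllib.request

CONFIG_PATH = "/core/config/databases.yml"

# Matching conditions from the module description: every word must occur
# in the response body (AND), and the status must be 200.
REQUIRED_WORDS = ("dsn:", "username:", "password:")
REQUIRED_STATUS = 200

# Constructed sample body in the shape of a Symfony-style databases.yml.
# The credential values are placeholders, not real ones.
EXPOSED_BODY = """all:
  doctrine:
    param:
      dsn: 'mysql:host=localhost;dbname=qdpm'
      username: qdpm_app
      password: 'PLACEHOLDER-PASSWORD'
"""


def module_matches(status, body, words=REQUIRED_WORDS, required_status=REQUIRED_STATUS):
    """Return True only when the status matches and every keyword is present."""
    return status == required_status and all(w in body for w in words)


def redact_secrets(body):
    """Mask the value after 'username:'/'password:' so a finding can be
    reported without copying live credentials into a ticket or log."""
    return re.sub(r"(?m)^([ \t]*(?:username|password):[ \t]*).*$", r"\1[REDACTED]", body)


def evaluate(status, body):
    """Combine the match decision with redacted evidence, mirroring the
    module's 'report vulnerability' action."""
    if not module_matches(status, body):
        return {"vulnerable": False, "evidence": None}
    return {"vulnerable": True, "evidence": redact_secrets(body)}


def fetch(base_url, timeout=5.0):
    """GET the config path on a deployment you operate and return (status, body).
    Non-2xx responses are returned rather than raised so the same matcher
    can be applied to them."""
    req = urllib.request.Request(base_url.rstrip("/") + CONFIG_PATH, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode("utf-8", "replace")


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        status, body = fetch(sys.argv[1])          # e.g. https://qdpm.example.internal
    else:
        status, body = REQUIRED_STATUS, EXPOSED_BODY  # constructed sample, runs offline
    print(evaluate(status, body))
```

Run it with no arguments to see the matcher fire on the constructed sample; pass the base URL of your own qdPM instance to test the real response. A 403 or 404 for the path, or a body missing any one of the three keywords, yields `vulnerable: False`, which is the outcome a correctly protected `core/config/` directory should produce.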

For more information, refer to the exploit-db.com reference.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /core/config/databas...
Matching conditions
word: dsn:, username:, password: (and)
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability