Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

QuestDB Console - Detect

By kannthu

medium
Vidoc logoVidoc Module
#misconfig#questdb#exposure
Description

What is the "QuestDB Console - Detect" module?

The "QuestDB Console - Detect" module is designed to detect the presence of the QuestDB console, a web-based interface for interacting with the QuestDB database. This module focuses on identifying potential misconfigurations or vulnerabilities in the QuestDB console.

This module has a severity level of medium, indicating that the detected issues could have a moderate impact on the security of the system.

Impact

If this module detects any misconfigurations or vulnerabilities in the QuestDB console, it could potentially expose sensitive data or allow unauthorized access to the database. This could lead to data breaches, unauthorized modifications, or other security incidents.

How the module works?

The "QuestDB Console - Detect" module works by sending HTTP requests to the target system and analyzing the responses based on predefined matching conditions. It checks for specific patterns in the response body, headers, and status codes to determine if the QuestDB console is present and if any misconfigurations or vulnerabilities are detected.

For example, one of the matching conditions checks if the response body contains the phrase "QuestDB · Console" and the message "Server rejected file due to unsupported file format.". Additionally, it verifies that the response header includes the content type "text/html" and the HTTP status code is "200".

If all the matching conditions are met, the module will report a potential misconfiguration or vulnerability in the QuestDB console.

Concurrent Requests (0)
Passive global matcher
word: QuestDB · Console, Server rejected file ...and
word: text/htmland
status: 200
On match action
Report vulnerability