Tianqing Info Leak

By kannthu

Medium
Vidoc Module
#tianqing #exposure
Description

What is the "Tianqing Info Leak"?

The "Tianqing Info Leak" module is designed to detect information leaks in the Tianqing software. It is a vulnerability detection module with a medium severity level. The original author of this module is ritikchaddha.

Impact

If the "Tianqing Info Leak" vulnerability is present, it can potentially expose sensitive information stored in the Tianqing software. This can lead to unauthorized access, data breaches, and other security risks.

How does the module work?

The "Tianqing Info Leak" module works by sending an HTTP GET request to the "/api/dbstat/gettablessize" endpoint. It then applies several matching conditions to determine if the vulnerability exists:

- The response body must contain the words "schema_name", "table_name", and "table_size".
- The response headers must include the word "application/json".
- The HTTP status code must be 200.

If all of these conditions are met, the module identifies the presence of the "Tianqing Info Leak" vulnerability.

Example HTTP request:

GET /api/dbstat/gettablessize

Note: The above example is a simplified representation of the HTTP request. The actual request may contain additional headers or parameters.
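The three matching conditions above, applied offline to captured responses so that each condition's result is visible (useful when confirming that a restricted endpoint no longer matches). This is an added example, not Vidoc's own module code; the sample responses are constructed, and the JSON layout, the function names and the case-sensitive substring matching are assumptions.

```python
# Words the module requires in the response body (all must be present).
BODY_WORDS = ("schema_name", "table_name", "table_size")
# Word the module requires somewhere in the response headers.
HEADER_WORD = "application/json"


def parse_response(raw: str):
    """Split a raw HTTP/1.x response into (status, header_text, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, _, header_text = head.partition("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {status_line!r}")
    return int(parts[1]), header_text, body


def evaluate(raw: str) -> dict:
    """Apply the three matchers; 'match' is the AND of all of them."""
    status, header_text, body = parse_response(raw)
    results = {
        # Assumption: plain case-sensitive substring matching.
        "body_words": all(word in body for word in BODY_WORDS),
        "header_word": HEADER_WORD in header_text,
        "status_200": status == 200,
    }
    results["match"] = all(results.values())
    return results


# Constructed sample responses (not captured from a real system).
LEAKING = (
    "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\n\r\n"
    '{"data":[{"schema_name":"public","table_name":"example",'
    '"table_size":"8192 bytes"}]}'
)
LOGIN_PAGE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>login</html>"
DENIED = (
    "HTTP/1.1 403 Forbidden\r\nContent-Type: application/json\r\n\r\n"
    '{"error":"forbidden"}'
)

if __name__ == "__main__":
    for name, raw in (("leaking", LEAKING), ("login", LOGIN_PAGE), ("denied", DENIED)):
        print(name, evaluate(raw))
```

A 200 response alone is not a finding: the login page and the 403 JSON error each satisfy only one of the three conditions, so neither is reported.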

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /api/dbstat/gettable...
Matching conditions
word: schema_name, table_name, table_size and
word: application/json and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability