
View Yii Debugger Information

By kannthu

Low
Vidoc Module
Tags: #yii #debug #exposure
Description


What is the "View Yii Debugger Information" module?

The "View Yii Debugger Information" module is a test case designed to detect misconfigurations in the Yii Debugger tool. Yii Debugger is a debugging and profiling tool for Yii framework applications. This module focuses on identifying potential vulnerabilities related to the exposure of sensitive information through the Yii Debugger.

Severity: Low

Author: geeknik

Impact

If misconfigured, the Yii Debugger can expose sensitive information, such as database credentials, application routes, logs, execution time, and memory usage. This information can be valuable to attackers and may aid in further exploitation of the application.

How does the module work?

The "View Yii Debugger Information" module works by sending HTTP requests to specific paths associated with the Yii Debugger. It then applies matching conditions to determine if the response indicates the presence of the Yii Debugger and the exposure of sensitive information.

Example HTTP request:

GET /debug/default/view.html

The module's matching conditions include:

- The response status code must be 200.
- The response body must contain specific keywords, such as "<title>Yii Debugger</title>", "Status", "Route", "Log", "Time", "Memory", and "DB".

If all matching conditions are met, the module reports a potential vulnerability related to the exposure of Yii Debugger information.
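The following script is an added example (not Vidoc's own code, and not the module's template) that re-implements the request-and-match logic described above so a defender can run the same check against their own deployment: it requests the debugger paths, then requires HTTP 200 and every keyword in the body. The path list contains only the two paths visible in the module preview; the two the page truncates are not known here. The sample response bodies are constructed, not captured from a real host.

```python
"""Re-implementation of the module's matching conditions for an exposed Yii
Debugger: status 200 AND all keyword strings present in the response body.
Added example, not Vidoc's code."""
import urllib.error
import urllib.request

# Paths visible in the module preview; the "+2 paths" the page truncates are
# not listed here because they are not known.
DEBUG_PATHS = ["/debug/default/view", "/frontend/web/debug/default/view"]

# Keywords the module requires in the body (substring match, like a word matcher).
REQUIRED_WORDS = ["<title>Yii Debugger</title>", "Status", "Route",
                  "Log", "Time", "Memory", "DB"]


def is_yii_debugger_exposed(status: int, body: str) -> bool:
    """Apply the module's conditions: status must be 200 and every keyword present.
    A 403/404 page that happens to echo the keywords is therefore not a match."""
    if status != 200:
        return False
    return all(word in body for word in REQUIRED_WORDS)


def missing_words(body: str) -> list:
    """Keywords absent from the body; useful when triaging a near-miss."""
    return [w for w in REQUIRED_WORDS if w not in body]


def fetch(base_url: str, path: str, timeout: float = 10.0):
    """Return (status, body) for one path; HTTP error responses are returned,
    not raised, because the status code is part of the matching logic."""
    url = base_url.rstrip("/") + path
    req = urllib.request.Request(url, headers={"User-Agent": "yii-debug-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", errors="replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", errors="replace")


def scan(base_url: str) -> list:
    """Return the debugger paths on base_url that satisfy all matching conditions."""
    return [p for p in DEBUG_PATHS if is_yii_debugger_exposed(*fetch(base_url, p))]


# Constructed sample responses (not captured from a real host).
SAMPLE_EXPOSED = """<html><head><title>Yii Debugger</title></head><body>
<table><tr><th>Status</th><th>Route</th><th>Log</th><th>Time</th><th>Memory</th><th>DB</th></tr>
<tr><td>200</td><td>site/index</td><td>12</td><td>45 ms</td><td>3.1 MB</td><td>4</td></tr>
</table></body></html>"""
SAMPLE_SAFE = "<html><head><title>Not Found</title></head><body>404</body></html>"

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # Usage: python yii_debug_check.py https://app.example.invalid
        print(scan(sys.argv[1]))
    else:
        print(is_yii_debugger_exposed(200, SAMPLE_EXPOSED))  # True
        print(is_yii_debugger_exposed(404, SAMPLE_SAFE))     # False
```

The status check is evaluated before the keyword check on purpose: the module's "and" condition means a debugger page served behind an access denial (403) is not reported, and `missing_words` shows which keyword broke a match when a page looks like the debugger but is not reported.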

Reference:

- https://yii2-framework.readthedocs.io/en/stable/guide/tool-debugger/

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/debug/default/view..../debug/default/view/frontend/web/debug/...(+2 paths)
Matching conditions
status: 200 and
word: <title>Yii Debugger</title>, Status, Rou...
Passive global matcher
No matching conditions.
On match action
Report vulnerability