By kannthu
The "View Yii Debugger Information" module is a test case designed to detect misconfigurations in the Yii Debugger tool. Yii Debugger is a debugging and profiling tool for Yii framework applications. This module focuses on identifying potential vulnerabilities related to the exposure of sensitive information through the Yii Debugger.
Severity: Low
Author: geeknik
If misconfigured, the Yii Debugger can expose sensitive information, such as database credentials, application routes, logs, execution time, and memory usage. This information can be valuable to attackers and may aid in further exploitation of the application.
The "View Yii Debugger Information" module works by sending HTTP requests to specific paths associated with the Yii Debugger. It then applies matching conditions to determine if the response indicates the presence of the Yii Debugger and the exposure of sensitive information.
Example HTTP request:
GET /debug/default/view.html
The module's matching conditions include:
- The response status code must be 200.
- The response body must contain specific keywords, such as "<title>Yii Debugger</title>", "Status", "Route", "Log", "Time", "Memory", and "DB".
If all matching conditions are met, the module reports a potential vulnerability related to the exposure of Yii Debugger information.
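The matching logic described above can be reproduced offline to check a response saved from your own application. This is an added example, not the module's own code: the function and class names are hypothetical, the sample responses are constructed, and case-sensitive substring matching is an assumption.

```python
from dataclasses import dataclass

# Keywords listed in the module's matching conditions on this page.
REQUIRED_KEYWORDS = ("<title>Yii Debugger</title>", "Status", "Route",
                     "Log", "Time", "Memory", "DB")


@dataclass
class MatchResult:
    exposed: bool      # True only when every condition holds
    status_ok: bool    # status code condition
    missing: tuple     # keywords not found in the body


def evaluate_response(status: int, body: str) -> MatchResult:
    """Apply the page's conditions: status 200 AND every keyword in the body.

    Assumption: keywords are matched as case-sensitive substrings.
    """
    missing = tuple(k for k in REQUIRED_KEYWORDS if k not in body)
    status_ok = status == 200
    return MatchResult(status_ok and not missing, status_ok, missing)


# Constructed sample responses (not captured from any real host).
SAMPLES = {
    "debugger exposed": (200, "<html><head><title>Yii Debugger</title></head>"
        "<body><table><tr><th>Status</th><th>Route</th><th>Log</th>"
        "<th>Time</th><th>Memory</th><th>DB</th></tr></table></body></html>"),
    "access denied": (403, "<h1>Forbidden (#403)</h1>"),
    # Generic words alone must not match: the title keyword is absent.
    "unrelated 200 page": (200, "<title>Status</title> Route Log Time Memory DB"),
}


def audit(samples=SAMPLES):
    """Evaluate each named (status, body) pair and return the results."""
    return {name: evaluate_response(*resp) for name, resp in samples.items()}


if __name__ == "__main__":
    for name, r in audit().items():
        print(f"{name}: exposed={r.exposed} status_ok={r.status_ok} "
              f"missing={list(r.missing)}")
```

Requiring all keywords together is what keeps generic words such as "Status" or "Time" from producing a match on an ordinary page.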
Reference: https://yii2-framework.readthedocs.io/en/stable/guide/tool-debugger/