
Information Disclosure: ThinkPHP 5.0.9 - Information Disclosure

Identifier: thinkphp_509_information_disclosure

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

ThinkPHP 5.0.9 returns verbose SQL error messages that can reveal sensitive information, including database credentials. This can help attackers understand the database structure and plan further attacks.

How we test: We test for information disclosure vulnerabilities in ThinkPHP 5.0.9 by triggering SQL errors and analyzing responses to detect if verbose error messages expose sensitive information like database credentials or structure details.
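The response-analysis step described above can be sketched as follows. This is an added example, not the scanner's own code: the error markers and the sample responses are constructed for illustration, and the key names are the connection settings used in ThinkPHP's database.php. Leaked secrets are redacted so the finding itself does not spread them.

```python
import re

# Markers of a verbose SQL error (assumed for this example, not the scanner's list).
SQL_ERROR_RE = re.compile(r"SQLSTATE\[\w+\]|PDOException")
# Connection keys as named in ThinkPHP's database.php. A line made of one of
# these keys followed by a single value is treated as leaked configuration.
KV_RE = re.compile(
    r"^[ \t]*['\"]?(hostname|database|username|password|hostport|dsn)['\"]?"
    r"(?:[ \t]*(?:=>|:|=)[ \t]*|[ \t]+)(\S+)[ \t]*$",
    re.M,
)
SECRET_KEYS = {"password", "dsn"}
CREDENTIAL_KEYS = {"username", "password", "dsn"}

# Constructed sample responses (not captured from a real application).
SAMPLE_VERBOSE = """<h1>PDOException</h1>
<p>SQLSTATE[HY000]: constructed sample error text</p>
<h2>Database Config</h2>
<table>
<tr><td>type</td><td>mysql</td></tr>
<tr><td>hostname</td><td>10.0.0.5</td></tr>
<tr><td>database</td><td>shop</td></tr>
<tr><td>username</td><td>app_rw</td></tr>
<tr><td>password</td><td>Constructed-Pw-1</td></tr>
</table>"""
SAMPLE_SQL_ONLY = "<p>SQLSTATE[42S02]: Table 'shop.orders' doesn't exist</p>"
SAMPLE_GENERIC = "<h1>Page error, please try again later.</h1>"


def analyze(body):
    """Classify a response body: none, medium (SQL detail), high (credentials)."""
    text = re.sub(r"<[^>]+>", " ", body)  # drop tags, keep the line structure
    if not SQL_ERROR_RE.search(text):
        return {"severity": "none", "leaked": {}}
    leaked = {}
    for key, value in KV_RE.findall(text):
        value = value.strip("'\",")
        leaked[key] = "<redacted>" if key in SECRET_KEYS else value
    severity = "high" if CREDENTIAL_KEYS & leaked.keys() else "medium"
    return {"severity": severity, "leaked": leaked}


if __name__ == "__main__":
    for name in ("SAMPLE_VERBOSE", "SAMPLE_SQL_ONLY", "SAMPLE_GENERIC"):
        print(name, analyze(globals()[name]))
```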


Configuration

Example

Example configuration:

---
security_tests:
  thinkphp_509_information_disclosure:
    skip: false

Reference

skip

Type : boolean

Skip the test if true.