Summary
The /test endpoint lacks any authentication, allowing anonymous users to access a model testing page that embeds a comprehensive internal model catalog. This includes all model names, generation types, aspect ratios, resolution options, and video generation modes. Attackers can fully enumerate the system's API structure and capabilities, gaining valuable intelligence for targeted attacks.
Details
Affected Endpoint
- URL: /test (serves static file static/test.html)
- Related files: src/main.py (route definition, lines 232–237) and static/test.html (contains sensitive data around lines 175, 188)
Root Cause
The route handler for /test performs no authentication or authorization check and directly returns test.html from the filesystem. The embedded JavaScript in that file contains hardcoded FALLBACK_MODELS and MODEL_CATEGORIES objects, listing 22 model entries with capability descriptions and 9 model categories. This internal information is exposed over a public, unauthenticated path.
Verification
The PoC sent an unauthenticated GET request to http://<server>:38000/test. The server responded with HTTP 200 and the full page content. Sensitive indicators FALLBACK_MODELS and MODEL_CATEGORIES were found, confirming the leak. Sample output:
[+] Vulnerability Confirmed! Found sensitive indicators: ['FALLBACK_MODELS', 'MODEL_CATEGORIES']
- Snippet near 'FALLBACK_MODELS': FALLBACK_MODELS = { "gemini-3.1-flash-image": ...
- Snippet near 'MODEL_CATEGORIES': MODEL_CATEGORIES = { "Gemini 3.1 Flash 图片": ...
Suggested Fix
- Add authentication middleware (e.g., token or API key verification) to the /test endpoint and similar debug pages such as /manage.
- If the page is intended for development or testing only, disable or remove it entirely in production environments.
- Utilize FastAPI's dependency injection (Depends) to enforce consistent authorization, preventing anonymous access.
Impact
- Internal Capability Enumeration: Attackers learn all supported models, parameter options, and generation features, mapping the system's technical architecture and constraints.
- Optimized Attack Paths: Knowledge of exact model names and API structures allows attackers to search for related vulnerabilities (e.g., model parameter injection, resource abuse) and directly invoke internal APIs, bypassing front-end restrictions.
- Social Engineering Support: Exposed internal codenames and classifications could be used to impersonate insiders or craft convincing phishing campaigns.
- Lowered Security Posture: Leaked debug information provides effortless reconnaissance, significantly reducing the difficulty and cost of subsequent attacks.