Vulnerability description
Detects exposure of MySQL credentials, configuration, and command history via HTTP. Exposure of files such as .my.cnf and .mysql_history may lead to leakage of database passwords or SQL history, enabling attackers to compromise databases.
id: mysql-config-exposure

info:
  name: MySQL Config - Exposure
  author: theamanrawat
  severity: high
  description: |
    Detects exposure of MySQL credentials, configuration, and command history via HTTP. Exposure of files such as .my.cnf and .mysql_history may lead to leakage of database passwords or SQL history, enabling attackers to compromise databases.
  reference:
    - https://dev.mysql.com/doc/refman/8.0/en/option-files.html
  metadata:
    verified: true
    max-request: 1
  tags: exposure,config,mysql,database

http:
  - method: GET
    path:
      - "{{BaseURL}}/.my.cnf"

    matchers-condition: and
    matchers:
      - type: regex
        name: my-cnf-creds
        regex:
          - "password\\s*=\\s*[\"']?[^\"'\\s]+[\"']?"

      - type: word
        words:
          - "[client]"

      - type: status
        status:
          - 200
# digest: 490a004630440220739275f38767f356b89a96e9f84dab82212f48a9c08338f10cfca031074812f9022022895790d66e1aea550097b7924315386e47520032421740ff847a0b6e8cb252:922c64590222798bb761d5b6d8e72950
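To see how the three matchers combine under `matchers-condition: and`, the following added example (not part of the template or of Nuclei) re-implements them in Python and runs them over constructed responses. It assumes the matchers are evaluated against the response body and uses Python's `re` in place of Nuclei's regex engine; the names `evaluate`, `run_samples` and `SAMPLES` are hypothetical.

```python
import re

# Regex copied from the template's "my-cnf-creds" matcher (after YAML unescaping).
CREDS_RE = re.compile(r"""password\s*=\s*["']?[^"'\s]+["']?""")
SECTION_WORD = "[client]"  # the template's word matcher


def evaluate(status, body):
    """Apply the three matchers; 'and' means every one of them must fire."""
    fired = {
        "regex": CREDS_RE.search(body) is not None,
        "word": SECTION_WORD in body,
        "status": status == 200,
    }
    return all(fired.values()), fired


# Constructed (status, body) pairs for illustration; none come from a real host.
SAMPLES = {
    "exposed file": (200, '[client]\nuser=backup\npassword="constructed-secret"\n'),
    "soft 404 page": (200, "<html><body>Page not found</body></html>"),
    "non-200 status": (403, "[client]\npassword=constructed-secret\n"),
    "no password key": (200, "[client]\nuser=backup\nhost=127.0.0.1\n"),
    "other section only": (200, "[mysqldump]\npassword=constructed-secret\n"),
    # \s* also consumes the newline, so the following line is read as the value.
    "empty password": (200, "[client]\npassword=\nuser=backup\n"),
}


def run_samples():
    """Return {sample name: overall verdict} for every constructed response."""
    return {name: evaluate(status, body)[0]
            for name, (status, body) in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in run_samples().items():
        print(f"{name:20} -> {'MATCH' if hit else 'no match'}")
```

The "empty password" sample matches even though no secret is present, because `\s*` after `=` spans the line break; a hit from this template should be confirmed by reading the returned file.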