漏洞描述
A MySQL dump file was found
mysql-dump: MySQL - Dump Files
PoC代码[已公开]
id: mysql-dump
info:
name: MySQL - Dump Files
author: geeknik,dwisiswant0,ELSFA7110,mastercho
severity: medium
description: A MySQL dump file was found
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cwe-id: CWE-200
metadata:
max-request: 21
tags: exposure,backup,mysql,vuln
http:
- method: GET
path:
- "{{BaseURL}}{{paths}}"
payloads:
paths:
- "/1.sql"
- "/backup.sql"
- "/database.sql"
- "/data.sql"
- "/db_backup.sql"
- "/dbdump.sql"
- "/db.sql"
- "/dump.sql"
- "/{{Hostname}}.sql"
- "/{{Hostname}}_db.sql"
- "/localhost.sql"
- "/mysqldump.sql"
- "/mysql.sql"
- "/site.sql"
- "/sql.sql"
- "/temp.sql"
- "/translate.sql"
- "/users.sql"
- "/www.sql"
- "/wp-content/uploads/dump.sql"
- "/wp-content/mysql.sql"
headers:
Range: "bytes=0-3000"
max-size: 2000 # Size in bytes - Max Size to read from server response
matchers-condition: and
matchers:
- type: regex
regex:
- "(?m)(?:DROP|CREATE|(?:UN)?LOCK) TABLE|INSERT INTO"
part: body
- type: status
status:
- 200
- 206
condition: or
# digest: 4a0a004730450220742fe4186e8a760f081b2fcee81c384a4f00fcae293c410b879afdd9fbfc2219022100f54c54c0cd1787b0b9b7a240350a02fa3783292c59bcc7ce68bbc9d28cf798fc:922c64590222798bb761d5b6d8e72950