The mysql_history file is a history file used by the MySQL command-line client (mysql) to store a record of the SQL commands and statements entered by a user during their interactive MySQL sessions. It serves as a command history for the MySQL client, allowing users to recall and reuse previously executed SQL commands.
PoC代码[已公开]
id: mysql-history
info:
name: Mysql History - File Disclosure
author: kazet
severity: low
description: |
The mysql_history file is a history file used by the MySQL command-line client (mysql) to store a record of the SQL commands and statements entered by a user during their interactive MySQL sessions. It serves as a command history for the MySQL client, allowing users to recall and reuse previously executed SQL commands.
reference:
- http://doc.docs.sk/mysql-refman-5.5/mysql-history-file.html
classification:
cpe: cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: oracle
product: mysql
shodan-query: html:"mysql_history"
tags: misconfig,disclosure,config,vuln
http:
- method: GET
path:
- "{{BaseURL}}/.mysql_history"
matchers-condition: and
matchers:
- type: word
words:
- "_HiStOrY_V2_"
- "show databases;"
condition: or
- type: word
part: header
words:
- "application/octet-stream"
- "text/plain"
- "filename=\".mysql_"
- type: word
part: response
words:
- "<?xml"
- "<env"
- "application/javascript"
- "application/json"
- "application/xml"
- "html>"
- "text/html"
- "image/"
negative: true
- type: status
status:
- 200
# digest: 4a0a004730450220455631d0e4f4fa855557879902cdcde19ca063d34b081df43230c0ef36caed86022100ab4e0d2c9e8740c58aaf0625c897a9f540dd2c913c78efa738000d1b16ca39bc:922c64590222798bb761d5b6d8e72950