漏洞描述
A SQL Server dump file was found
sql-server-dump: SQL Server - Dump Files
PoC代码[已公开]
id: sql-server-dump
info:
name: SQL Server - Dump Files
author: userdehghani
severity: medium
description: |
A SQL Server dump file was found
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cwe-id: CWE-200
metadata:
max-request: 21
tags: exposure,backup,sql-server,vuln
http:
- method: GET
path:
- "{{BaseURL}}{{paths}}"
payloads:
paths:
- "/sa.bak"
- "/wwwroot.bak"
- "/backup.bak"
- "/database.bak"
- "/data.bak"
- "/db_backup.bak"
- "/dbdump.bak"
- "/db.bak"
- "/dump.bak"
- "/{{Hostname}}.bak"
- "/{{Hostname}}_db.bak"
- "/localhost.bak"
- "/mysqldump.bak"
- "/mysql.bak"
- "/site.bak"
- "/sql.bak"
- "/temp.bak"
- "/translate.bak"
- "/users.bak"
- "/www.bak"
- "/wp-content/uploads/dump.bak"
- "/wp-content/mysql.bak"
headers:
Range: "bytes=0-500"
max-size: 500 # Size in bytes - Max Size to read from server response
matchers-condition: and
matchers:
- type: binary
part: body
binary:
- "54415045" # Microsoft Tape Format
- type: status
status:
- 200
# digest: 4a0a0047304502204c0eacdb4512e9f3f8dfe3e2c810e9ee7e333949d454ea265668b428da147d64022100a7700e77f6374ffcb80fd9b62b3f0f99b2f754b7a8fe5fae7eea24de218cb5ac:922c64590222798bb761d5b6d8e72950