Skip to content
Nuclei Templates

Mysql History - File Disclosure

ID: mysql-history

Severity: low

Author: kazet

Tags: misconfig,disclosure,config

Description

Section titled “Description”

The mysql_history file is a history file used by the MySQL command-line client (mysql) to store a record of the SQL commands and statements entered by a user during their interactive MySQL sessions. It serves as a command history for the MySQL client, allowing users to recall and reuse previously executed SQL commands.

YAML Source

Section titled “YAML Source”
id: mysql-history


info:
  name: Mysql History - File Disclosure
  author: kazet
  severity: low
  description: |
    The mysql_history file is a history file used by the MySQL command-line client (mysql) to store a record of the SQL commands and statements entered by a user during their interactive MySQL sessions. It serves as a command history for the MySQL client, allowing users to recall and reuse previously executed SQL commands.
  reference:
    - http://doc.docs.sk/mysql-refman-5.5/mysql-history-file.html
  classification:
    cpe: cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: oracle
    product: mysql
    shodan-query: html:"mysql_history"
  tags: misconfig,disclosure,config


http:
  - method: GET
    path:
      - "{{BaseURL}}/.mysql_history"


    matchers-condition: and
    matchers:
      - type: word
        words:
          - "_HiStOrY_V2_"
          - "show databases;"
        condition: or


      - type: word
        part: header
        words:
          - "application/octet-stream"
          - "text/plain"
          - "filename=\".mysql_"


      - type: word
        part: response
        words:
          - "<?xml"
          - "<env"
          - "application/javascript"
          - "application/json"
          - "application/xml"
          - "html>"
          - "text/html"
          - "image/"
        negative: true


      - type: status
        status:
          - 200
# digest: 490a0046304402203dde736933bcdabed7577a67c4871b3eef9a01b9f33056bb6df9a89130ed82860220103b339e8763024e8fe96b00bf90439549e87f9247a5935871f4482bd46aacc5:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/misconfiguration/mysql-history.yaml"

View on Github