Update and rename db-command-history.yaml to mysql-history.yaml

2023-11-04 18:19:57 +05:30 · 2023-11-04 18:19:57 +05:30 · 1aadc8c048
parent fb0a3f3647
commit 1aadc8c048
1 changed files with 10 additions and 5 deletions
--- a/http/misconfiguration/db-command-history.yaml
+++ b/http/misconfiguration/db-command-history.yaml
@ -1,20 +1,25 @@
-id: db-command-history
+id: mysql-history

 info:
-  name: Database Command History
+  name: mysql History - File Disclosure
  author: kazet
  severity: low
-  description: Discover history for mysql
+  description: |
+    The mysql_history file is a history file used by the MySQL command-line client (mysql) to store a record of the SQL commands and statements entered by a user during their interactive MySQL sessions. It serves as a command history for the MySQL client, allowing users to recall and reuse previously executed SQL commands.
+  reference:
+    - http://doc.docs.sk/mysql-refman-5.5/mysql-history-file.html
  metadata:
    max-request: 1
-  tags: misconfig
+    shodan-query: html:"mysql_history"
+    verified: true
+  tags: misconfig,disclosure,file,config

 http:
  - method: GET
-    max-redirects: 1
    path:
      - "{{BaseURL}}/.mysql_history"

+    max-redirects: 1
    matchers-condition: and
    matchers:
      - type: regex