id: mysql-history

info:
  name: Mysql History - File Disclosure
  author: kazet
  severity: low
  description: |
    The mysql_history file is a history file used by the MySQL command-line client (mysql) to store a record of the SQL commands and statements entered by a user during their interactive MySQL sessions. It serves as a command history for the MySQL client, allowing users to recall and reuse previously executed SQL commands.
  reference:
    - http://doc.docs.sk/mysql-refman-5.5/mysql-history-file.html
  classification:
    cpe: cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: oracle
    product: mysql
    shodan-query: html:"mysql_history"
  tags: misconfig,disclosure,config

http:
  - method: GET
    path:
      - "{{BaseURL}}/.mysql_history"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "_HiStOrY_V2_"
          - "show databases;"
        condition: or

      - type: word
        part: header
        words:
          - "application/octet-stream"
          - "text/plain"
          - "filename=\".mysql_"

      - type: word
        part: response
        words:
          - "<?xml"
          - "<env"
          - "application/javascript"
          - "application/json"
          - "application/xml"
          - "html>"
          - "text/html"
          - "image/"
        negative: true

      - type: status
        status:
          - 200
# digest: 4a0a0047304502210082cee34a71a2f654b13c56332af71a1e008e0713fdc3a3c5e23380be6137ffa202201ab6058e334acd6ca430237bf3696b19b39982287fc926f15f2c659cf7ce983f:922c64590222798bb761d5b6d8e72950