id: mysql-history

info:
  name: mysql History - File Disclosure
  author: kazet
  severity: low
  description: |
    The mysql_history file is a history file used by the MySQL command-line client (mysql) to store a record of the SQL commands and statements entered by a user during their interactive MySQL sessions. It serves as a command history for the MySQL client, allowing users to recall and reuse previously executed SQL commands.
  reference:
    - http://doc.docs.sk/mysql-refman-5.5/mysql-history-file.html
  metadata:
    max-request: 1
    shodan-query: html:"mysql_history"
    verified: true
  tags: misconfig,disclosure,file,config

http:
  - method: GET
    path:
      - "{{BaseURL}}/.mysql_history"

    max-redirects: 1
    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "(?i)^CREATE "
          - "(?i)^GRANT "
          - "(?i)^UPDATE "
          - "(?i)^INSERT "
          - "(?i)^SELECT "
        condition: or

      - type: word
        part: response
        words:
          - "<?xml"
          - "<env"
          - "application/javascript"
          - "application/json"
          - "application/xml"
          - "html>"
          - "text/html"
          - "image/"
        negative: true

      - type: status
        status:
          - 200