accessfile.yaml

id: accessfile

info:
  name: Finding root account Informations For MySQL Server
  author: c4sper0
  severity: critical
  description: |
    "Allows attackers to know the data sensitive to the Informations connection root to database."
  classification:
    cve-id: CWE-200
  tags: MySQL,root

http:
  - method: GET
    path:
      - "{{BaseURL}}/{{floder}}/{{access}}.{{ext}}"
      - "{{BaseURL}}/{{access}}.{{ext}}"

    attack: clusterbomb
    payloads:
      floder:
        - "admin"
        - "backUP"
        - "backups"
        - "home/mysql"
        - "mysql"
        - "tools"
        - "wp-admin"
        - "wp-content"
        - "wp-content/uploads"
        - ".ssh"
        - ".sftp"
        - "app"
        - "apps"
        - "lib"
      access:
        - "admin_access"
        - "access"
        - "mysql_access"
        - "database_access"
        - "root_access"
        - "ssh_access"
        - "{{DN}}-access"
        - "web-access"
      ext:
        - "txt"
        - "txt.x"
        - "txt.bak"
        - "log"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "--user=root"
          - "--password="
          - "SSHPORT=22"

      - type: status
        status:
          - 200