projectdiscovery / nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Home Page:https://github.com/projectdiscovery/nuclei

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

wp mysql dump

Elsfa7-110 opened this issue · comments

Template Information:

add /wp-content/mysql.sql to sql-dump.yaml (https://github.com/projectdiscovery/nuclei-templates/blob/f18404302aeff8fda8a4a4d85e6d19e41552d9e7/exposures/backups/sql-dump.yaml)

ref :
https://twitter.com/search?q=wp-content%2Fmysql.sql&src=typed_query&f=top

Nuclei Template:

id: default-sql-dump

info:
  name: MySQL Dump Files
  author: geeknik,dwisiswant0,ELSFA7110
  severity: medium
  tags: exposure,backup,mysql

requests:
  - method: GET
    path:
      - "{{BaseURL}}/1.sql"
      - "{{BaseURL}}/backup.sql"
      - "{{BaseURL}}/database.sql"
      - "{{BaseURL}}/data.sql"
      - "{{BaseURL}}/db_backup.sql"
      - "{{BaseURL}}/dbdump.sql"
      - "{{BaseURL}}/db.sql"
      - "{{BaseURL}}/dump.sql"
      - "{{BaseURL}}/{{Hostname}}.sql"
      - "{{BaseURL}}/{{Hostname}}_db.sql"
      - "{{BaseURL}}/localhost.sql"
      - "{{BaseURL}}/mysqldump.sql"
      - "{{BaseURL}}/mysql.sql"
      - "{{BaseURL}}/site.sql"
      - "{{BaseURL}}/sql.sql"
      - "{{BaseURL}}/temp.sql"
      - "{{BaseURL}}/translate.sql"
      - "{{BaseURL}}/users.sql"
      - "{{BaseURL}}/wp-content/uploads/dump.sql"
      - "{{BaseURL}}/wp-content/mysql.sql"
    headers:
      Range: "bytes=0-3000"

    max-size: 2000  # Size in bytes - Max Size to read from server response
    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "(?m)(?:DROP|CREATE|(?:UN)?LOCK) TABLE|INSERT INTO"
        part: body

      - type: status
        status:
          - 200
          - 206
        condition: or