Skip to content

Commit 4d5a7a3

Browse files
committed
Brute force directory and file names with MySQL
1 parent e7604f8 commit 4d5a7a3

File tree

1 file changed

+10
-1
lines changed

1 file changed

+10
-1
lines changed

modules/auxiliary/scanner/mysql/mysql_file_enum.rb

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,16 @@ def run_host(ip)
4444
return
4545
end
4646

47-
mysql_query("USE " + datastore['DATABASE_NAME'])
47+
begin
48+
mysql_query_no_handle("USE " + datastore['DATABASE_NAME'])
49+
rescue ::RbMysql::Error => e
50+
print_error("MySQL Error: #{e.class} #{e.to_s}")
51+
return
52+
rescue Rex::ConnectionTimeout => e
53+
print_error("Timeout: #{e.message}")
54+
return
55+
end
56+
4857
res = mysql_query("SELECT * FROM information_schema.TABLES WHERE TABLE_SCHEMA = '" + datastore['DATABASE_NAME'] + "' AND TABLE_NAME = '" + datastore['TABLE_NAME'] + "';")
4958
table_exists = (res.size == 1)
5059

0 commit comments

Comments
 (0)