The only nmap output that will show you the response message from MySQL when it is using IP filtering is the mysql-enum script with debug -dd. You will see a message like:
NSE: [mysql-enum W:55afb8ea6778 1.1.1.1:3306] Trying sysadmin against 1.1.1.1:3306
NSOCK INFO [0.7040s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 50 [1.1.1.1:3306] (75 bytes): G....j.Host '2.2.2.2' is not allowed to connect to this MySQL server
I like to flag this issue as a low because you still have communication with the database. Even though the chance for exploitation is reduced, it isn't eliminated.
The plugin should make the basic connection, most likely emulating the functionality of mysql-enum, and look for the not allowed response. In that case, it should check if the target address is a public IP address, and then flag it as a vuln.
It's possible a generic script for all public database detection is warranted. However, I've only ever come across MySQL exposed and returning some sort of response. But we could gather database responses from each database target discovered and check for public IP.
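A sketch of the check proposed in this issue, added here as an example and not code from the issue author or the project: it parses the first packet a MySQL server sends, recognises the "not allowed" error (server error code 1130, sent before any handshake and so without a SQLSTATE field), and flags it only when the target address is publicly routable. The function names, the finding fields and the constructed sample packet are assumptions.

```python
import ipaddress
import struct

ER_HOST_NOT_PRIVILEGED = 1130  # server error code behind "Host ... is not allowed to connect"

def build_err_packet(code, message):
    """Construct an ERR packet as sent before any handshake (test data only)."""
    payload = b"\xff" + struct.pack("<H", code) + message.encode()
    return len(payload).to_bytes(3, "little") + b"\x00" + payload  # length, seq 0, payload

def parse_first_packet(data):
    """Return ("handshake", None, None) or ("error", code, message)."""
    if len(data) < 5:
        raise ValueError("packet shorter than header plus one payload byte")
    length = int.from_bytes(data[:3], "little")  # 3-byte little-endian payload length
    payload = data[4:4 + length]                 # data[3] is the sequence id
    if length == 0 or len(payload) != length:
        raise ValueError("truncated packet")
    if payload[0] != 0xFF:
        return ("handshake", None, None)         # server offered a normal greeting
    if length < 3:
        raise ValueError("ERR packet without an error code")
    code = struct.unpack_from("<H", payload, 1)[0]
    return ("error", code, payload[3:].decode("utf-8", "replace"))

def classify(target_ip, first_packet):
    """Return a finding dict for the case described in this issue, else None."""
    kind, code, message = parse_first_packet(first_packet)
    if kind != "error" or code != ER_HOST_NOT_PRIVILEGED:
        return None  # other responses are outside this check
    if not ipaddress.ip_address(target_ip).is_global:
        return None  # filtered, and not on a publicly routable address
    return {"target": target_ip, "port": 3306, "severity": "low",
            "finding": "MySQL reachable on a public IP (host-based filtering only)",
            "evidence": message}

# Constructed sample: the message from the debug output above, with the issue's placeholder IPs.
SAMPLE = build_err_packet(
    ER_HOST_NOT_PRIVILEGED,
    "Host '2.2.2.2' is not allowed to connect to this MySQL server")

if __name__ == "__main__":
    print(classify("1.1.1.1", SAMPLE))
```

In a scanner, `first_packet` would be the bytes read from the socket immediately after connecting to port 3306; no credentials are sent for this check.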