From cc9d292bddc90ab64b492ce50b3e2e0fa528be5a Mon Sep 17 00:00:00 2001 From: r00t <24542600+adeljck@users.noreply.github.com> Date: Fri, 7 Feb 2025 19:14:07 +0800 Subject: [PATCH] Update mysql.go Added a loop for databases to prevent certain non-existing mysql databases from being assumed not to have weak passwords --- Plugins/mysql.go | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/Plugins/mysql.go b/Plugins/mysql.go index db3e440..44a74b0 100644 --- a/Plugins/mysql.go +++ b/Plugins/mysql.go @@ -39,19 +39,23 @@ func MysqlScan(info *common.HostInfo) (tmperr error) { func MysqlConn(info *common.HostInfo, user string, pass string) (flag bool, err error) { flag = false Host, Port, Username, Password := info.Host, info.Ports, user, pass - dataSourceName := fmt.Sprintf("%v:%v@tcp(%v:%v)/mysql?charset=utf8&timeout=%v", Username, Password, Host, Port, time.Duration(common.Timeout)*time.Second) - db, err := sql.Open("mysql", dataSourceName) - if err == nil { - db.SetConnMaxLifetime(time.Duration(common.Timeout) * time.Second) - db.SetConnMaxIdleTime(time.Duration(common.Timeout) * time.Second) - db.SetMaxIdleConns(0) - defer db.Close() - err = db.Ping() + for _, database := range []string{"mysql", "information_schema"} { + dsn := fmt.Sprintf("%v:%v@tcp(%v:%v)/%v?charset=utf8&timeout=%v", Username, Password, Host, Port, database, time.Duration(common.Timeout)*time.Second) + db, err := sql.Open("mysql", dsn) if err == nil { - result := fmt.Sprintf("[+] mysql %v:%v:%v %v", Host, Port, Username, Password) - common.LogSuccess(result) - flag = true + db.SetConnMaxLifetime(time.Duration(common.Timeout) * time.Second) + db.SetConnMaxIdleTime(time.Duration(common.Timeout) * time.Second) + db.SetMaxIdleConns(0) + err = db.Ping() + if err == nil { + result := fmt.Sprintf("[+] mysql %v:%v:%v %v", Host, Port, Username, Password) + common.LogSuccess(result) + flag = true + _ = db.Close() + break + } } + _ = db.Close() } return flag, err }