id: mysql-empty-password

info:
  name: MySQL - Empty Password
  author: DhiyaneshDk
  severity: high
  description: |
    Checks for MySQL servers with an empty password for root or anonymous.
  metadata:
    max-request: 3
    shodan-query: "port:3306"
  tags: js,mssql,network

javascript:
  - pre-condition: |
      var m = require("nuclei/mysql");
      var c = m.MySQLClient();
      c.IsMySQL(Host, Port);

    code: |
      var m = require("nuclei/mysql");
      var c = m.MySQLClient();
      c.Connect(Host,Port,User,Pass)

    args:
      Host: "{{Host}}"
      Port: "3306"
      User: "{{username}}"
      Pass: " "

    payloads:
      usernames:
        - root
        - anonymous

    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - "response == true"
          - "success == true"
        condition: and
# digest: 4a0a00473045022062a344098a63a6015864a65b51d9eccf5a751d1c23fb84e3ffbeff23e488f917022100a2119a4fdd5adcc599ecbfeedd09c43a91977b92d69ea0a77e2d986c5043dce6:922c64590222798bb761d5b6d8e72950