Information Disclosure: Exposed SQL Dumps

Identifier: exposed_sql_dumps

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

Exposed SQL Dumps occur when a MySQL dump file containing sensitive data is left accessible, usually because backup files aren't properly secured or removed from public servers. The danger lies in the fact that these dumps often contain everything from database schemas to user credentials, which gives attackers all they need for data breaches or further intrusions. Developers often fall into the trap of leaving these files accessible after testing or backup processes, not realizing that an overlooked file can lead to significant financial and reputational damage if exploited.
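As an added example (not part of the scanner or its documentation), the following audit walks a web root you administer and flags files that look like SQL dumps, by content first and by extension second. The marker pattern, the extension list and all function names are assumptions chosen for illustration; the sample files are constructed.

```python
import gzip
import os
import re
import tempfile

# Markers typical of SQL dump content; mysqldump writes a "-- MySQL dump" banner.
DUMP_MARKERS = re.compile(
    rb"--\s*MySQL dump|DROP TABLE IF EXISTS|CREATE TABLE\s|INSERT INTO\s", re.IGNORECASE
)
# Assumed list of extensions often used for dumps and ad-hoc backups.
SUSPECT_EXT = (".sql", ".sql.gz", ".dump", ".bak")

def read_head(path, limit=65536):
    """Return the first `limit` bytes, decompressing gzip files transparently."""
    with open(path, "rb") as fh:
        is_gzip = fh.read(2) == b"\x1f\x8b"
    try:
        with (gzip.open if is_gzip else open)(path, "rb") as fh:
            return fh.read(limit)
    except (OSError, EOFError):  # unreadable or truncated file
        return b""

def find_sql_dumps(web_root):
    """Return sorted (relative_path, reason) pairs for likely dumps under web_root."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, web_root)
            if DUMP_MARKERS.search(read_head(full)):
                findings.append((rel, "content"))  # catches renamed dumps too
            elif name.lower().endswith(SUSPECT_EXT):
                findings.append((rel, "extension"))
    return sorted(findings)

def build_sample_root():
    """Constructed sample web root: gzipped dump, renamed dump, empty .bak, page."""
    root = tempfile.mkdtemp()
    dump = b"-- MySQL dump 10.13\nCREATE TABLE `users` (id INT);\n"
    samples = {"old.txt": dump, "empty.bak": b"", "index.html": b"<html>hello</html>"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    with gzip.open(os.path.join(root, "backup.sql.gz"), "wb") as fh:
        fh.write(dump)
    return root

if __name__ == "__main__":
    for rel, reason in find_sql_dumps(build_sample_root()):
        print(f"{rel}\t{reason}")
```

Content matching can flag legitimate files that merely quote SQL, such as tutorials, so treat each hit as a file to review and then move or delete.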

Configuration

Example

Example configuration:

---
security_tests:
  exposed_sql_dumps:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.