nuclei-templates/http/exposed-panels/adminer-panel-detect.yaml

56 lines
1.2 KiB
YAML

id: adminer-panel-detect
info:
name: Adminer Login Panel - Detect
author: random_robbie,meme-lord
severity: info
description: Adminer login panel was detected.
reference:
- https://blog.sorcery.ie/posts/adminer/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: fuzz,adminer,login
# <= 4.2.4 can have unauthenticated RCE via SQLite driver
# <= 4.6.2 can have LFI via MySQL LOAD DATA LOCAL
# Most versions have some kind of SSRF usability
# Is generally handy if you find SQL creds
metadata:
max-request: 741
http:
- raw:
- |
GET {{path}} HTTP/1.1
Host: {{Hostname}}
Accept: application/json, text/plain, */*
Referer: {{BaseURL}}
payloads:
path: helpers/wordlists/adminer-paths.txt
threads: 50
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
condition: and
words:
- "- Adminer</title>"
- "partial(verifyVersion"
- type: status
status:
- 200
extractors:
- type: regex
part: body
group: 1
regex:
- '<span class="version">([0-9.]+)'