Adminer-SSRF-(CVE-2021-21311).json
{
"Name": "Adminer SSRF (CVE-2021-21311)",
"Description": "<p>Adminer is an application software of the SOURCEFORGE community in the United States. Provides database management in a single PHP file.<br></p><p>There is a code problem vulnerability in Adminer, which originates from elastic parameters, and attackers can detect intranet information.<br></p>",
"Product": "Adminer",
"Homepage": "https://github.com/vrana/adminer/",
"DisclosureDate": "2022-04-01",
"Author": "abszse",
"FofaQuery": "title=\"Login - Adminer\"",
"GobyQuery": "title=\"Login - Adminer\"",
"Level": "2",
"Impact": "<p>There is a code problem vulnerability in Adminer, which originates from elastic parameters, and attackers can detect intranet information.<br></p>",
"Recommendation": "<p>Follow the official website update in time: <a href=\"https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351\">https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351</a><br></p>",
"References": [
"https://fofa.so/"
],
"Is0day": false,
"HasExp": true,
"ExpParams": [
{
"name": "cmd",
"type": "input",
"value": "gobygo.net",
"show": ""
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "",
"follow_redirect": false,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "",
"follow_redirect": false,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
}
]
},
"SetVariable": []
}
],
"Tags": [
"Other"
],
"VulType": [
"Other"
],
"CVEIDs": [
"CVE-2021-21311"
],
"CNNVD": [
"CNNVD-202102-1087"
],
"CNVD": [
""
],
"CVSSScore": "7.5",
"Translation": {
"CN": {
"Name": "Adminer 软件 SSRF漏洞(CVE-2021-21311)",
"Product": "Adminer",
"Description": "<p>Adminer是美国SOURCEFORGE社区的一个应用软件。提供单个PHP文件中的数据库管理。<br></p><p>Adminer 中存在代码问题漏洞,该漏洞源于elastic参数,攻击者可探测内网信息等。<br></p>",
"Recommendation": "<p>及时关注官网更新:<a href=\"https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351\">https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351</a><br></p>",
"Impact": "<p>Adminer 中存在代码问题漏洞,该漏洞源于elastic参数,攻击者可探测内网信息等。<br></p>",
"VulType": [
"其他"
],
"Tags": [
"其他"
]
},
"EN": {
"Name": "Adminer SSRF (CVE-2021-21311)",
"Product": "Adminer",
"Description": "<p>Adminer is an application software of the SOURCEFORGE community in the United States. Provides database management in a single PHP file.<br></p><p>There is a code problem vulnerability in Adminer, which originates from elastic parameters, and attackers can detect intranet information.<br></p>",
"Recommendation": "<p>Follow the official website update in time: <a href=\"https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351\">https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351</a><br></p>",
"Impact": "<p>There is a code problem vulnerability in Adminer, which originates from elastic parameters, and attackers can detect intranet information.<br></p>",
"VulType": [
"Other"
],
"Tags": [
"Other"
]
}
},
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
}
}