来源

关联漏洞

介绍

# CVE-2021-21311

## Description
SSRF(Server-side Request Forgery) in Adminer  
(Open Source Database Management tool)  
from v4.0.0 ~ v4.7.8 (patched at v4.7.9)

[Patch commit](https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351)

## Usage
```
exploit.py [-h] -target TARGET -redirect REDIRECT -host HOST [-port PORT]

options:
  -h, --help          show this help message and exit
  -target TARGET      url of target
  -redirect REDIRECT  url for redirect path
  -host HOST          host ip to listen
  -port PORT          listening server port
```
![exploit_demo](./mdImg/exploit_demo.png)  

## Disclaimer
All content provied by this repository is meant for research, educational, and threat detection purpose only.  
Please use wisely.

文件快照

 [4.0K]  /data/pocs/2a78bbccf6595c6e6f97f407cf27c6948754b010
├── [ 125]  docker-compose.yml
├── [1.7K]  exploit.py
├── [4.0K]  mdImg
│   └── [ 91K]  exploit_demo.png
├── [ 769]  README.md
├── [  14]  requirements.txt
└── [4.0K]  terraform_code
    ├── [4.0K]  assets
    │   └── [   8]  hidden-file.txt
    └── [4.0K]  terraform
        ├── [1.7K]  ec2.tf
        ├── [1.3K]  iam.tf
        ├── [ 938]  network.tf
        ├── [ 245]  provider.tf
        └── [ 529]  s3.tf

4 directories, 11 files

备注