CVE-2021-21311 PoC — SOURCEFORGE Adminer 代码问题漏洞

Source

https://github.com/omoknooni/CVE-2021-21311

Associated Vulnerability

Title:SOURCEFORGE Adminer 代码问题漏洞 (CVE-2021-21311)
Description:SOURCEFORGE Adminer是美国SOURCEFORGE社区的一个应用软件。提供单个PHP文件中的数据库管理。 SOURCEFORGE Adminer 中存在代码问题漏洞，该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。

Readme

# CVE-2021-21311

## Description
SSRF(Server-side Request Forgery) in Adminer  
(Open Source Database Management tool)  
from v4.0.0 ~ v4.7.8 (patched at v4.7.9)

[Patch commit](https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351)

## Usage
```
exploit.py [-h] -target TARGET -redirect REDIRECT -host HOST [-port PORT]

options:
  -h, --help          show this help message and exit
  -target TARGET      url of target
  -redirect REDIRECT  url for redirect path
  -host HOST          host ip to listen
  -port PORT          listening server port
```
![exploit_demo](./mdImg/exploit_demo.png)  

## Disclaimer
All content provied by this repository is meant for research, educational, and threat detection purpose only.  
Please use wisely.

File Snapshot


 [4.0K]  /data/pocs/2a78bbccf6595c6e6f97f407cf27c6948754b010
├── [ 125]  docker-compose.yml
├── [1.7K]  exploit.py
├── [4.0K]  mdImg
│   └── [ 91K]  exploit_demo.png
├── [ 769]  README.md
├── [  14]  requirements.txt
└── [4.0K]  terraform_code
    ├── [4.0K]  assets
    │   └── [   8]  hidden-file.txt
    └── [4.0K]  terraform
        ├── [1.7K]  ec2.tf
        ├── [1.3K]  iam.tf
        ├── [ 938]  network.tf
        ├── [ 245]  provider.tf
        └── [ 529]  s3.tf

4 directories, 11 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!