漏洞平台

POC详情： edcc813157306f768a656285ef42229206a7a0b0

来源

https://github.com/p0dalirius/CVE-2021-43008-AdminerRead

关联漏洞

标题： SOURCEFORGE Adminer安全漏洞 (CVE-2021-43008)
描述：SOURCEFORGE Adminer是美国SOURCEFORGE社区的一个应用软件。提供单个PHP文件中的数据库管理。 Adminer 4.6.2版本及之前版本存在安全漏洞，该漏洞源于存在不当访问控制。攻击者利用该漏洞将远程MySQL数据库连接到Adminer，从而读取任意文件。

描述

Exploit tool for CVE-2021-43008 Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability

介绍

# CVE-2021-43008 - AdminerRead

<p align="center">
    Exploit tool for Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability 
    <br>
    <img alt="GitHub release (latest by date)" src="https://img.shields.io/github/v/release/p0dalirius/AdminerRead">
    <a href="https://twitter.com/intent/follow?screen_name=podalirius_" title="Follow"><img src="https://img.shields.io/twitter/follow/podalirius_?label=Podalirius&style=social"></a>
    <a href="https://www.youtube.com/c/Podalirius_?sub_confirmation=1" title="Subscribe"><img alt="YouTube Channel Subscribers" src="https://img.shields.io/youtube/channel/subscribers/UCF_x5O7CSfr82AfNVTKOv_A?style=social"></a>
    <br>
</p>

![](./docs/banner.png)

## Installation

```
git clone https://github.com/p0dalirius/AdminerRead
cd AdminerRead
sudo python3 setup.py install
```

## Usage

![](./docs/adminer.gif)

## Vulnerable versions

Adminer version 1.0 up to version 4.6.2 (included) File Read Vulnerability

![](./docs/vulnerable_versions.gif)

 ➡️ More detailed information about impacted versions in ![Vulnerable versions](./docs/Vulnerable_versions.md)

## Contributing

Pull requests are welcome. Feel free to open an issue if you want to add other features.

## References
 - http://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability
 - https://podalirius.net/en/articles/writing-an-exploit-for-adminer-4.6.2-arbitrary-file-read-vulnerability/

文件快照


 [4.0K]  /data/pocs/edcc813157306f768a656285ef42229206a7a0b0
├── [ 13K]  AdminerRead.py
├── [4.0K]  docs
│   ├── [1.4M]  adminer.gif
│   ├── [139K]  adminer_v4.6.2.png
│   ├── [132K]  adminer_v4.6.3.png
│   ├── [ 88K]  banner.png
│   ├── [105K]  vulnerable_versions.gif
│   └── [7.4K]  Vulnerable_versions.md
├── [ 18K]  LICENSE
├── [1.4K]  README.md
├── [  28]  requirements.txt
├── [4.0K]  tests
│   ├── [4.0K]  adminer
│   │   ├── [1.7K]  Dockerfile
│   │   └── [ 842]  Makefile
│   └── [4.0K]  sink
│       ├── [ 808]  Dockerfile
│       └── [ 935]  Makefile
└── [4.0K]  wordlists
    ├── [1.4K]  all
    ├── [ 465]  config_files
    ├── [ 600]  log_files
    ├── [ 141]  system_files
    ├── [  45]  users_files
    └── [ 201]  var_www_files

5 directories, 20 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。