CVE-2021-29625 PoC — SOURCEFORGE Adminer 跨站脚本漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-29625.yaml

Associated Vulnerability

Title:SOURCEFORGE Adminer 跨站脚本漏洞 (CVE-2021-29625)
Description:SOURCEFORGE Adminer是美国SOURCEFORGE社区的一个应用软件。提供单个PHP文件中的数据库管理。 Adminer 4.6.1版本至4.8.0版本存在安全漏洞，该漏洞源于Adminer使用pdo扩展与数据库通信。在没有CSP的浏览器中会受到影响。

Description

Adminer 4.6.1 to 4.8.0 contains a cross-site scripting vulnerability which affects users of MySQL, MariaDB, PgSQL, and SQLite in browsers without CSP when Adminer uses a `pdo_` extension to communicate with the database (it is used if the native extensions are not enabled).

File Snapshot


 id: CVE-2021-29625

info:
  name: Adminer <=4.8.0 - Cross-Site Scripting
  author: daffainfo
  sever

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!