first commit

2025-09-06 16:08:15 +08:00
commit 63285f61aa
2624 changed files with 88491 additions and 0 deletions


@@ -0,0 +1,32 @@
# Adminer Remote Arbitrary File Read (CVE-2021-43008)
[中文版本(Chinese version)](README.zh-cn.md)
Adminer is a tool for managing content in databases developed by PHP. It natively supports MySQL, MariaDB, PostgreSQL, SQLite, MS SQL, Oracle, Elasticsearch and MongoDB.
Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.
References:
- <https://github.com/p0dalirius/CVE-2021-43008-AdminerRead>
- <http://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability>
## Vulnerable environment
Execute following command to start a PHP server with Adminer 4.6.2:
```
docker compose up -d
```
After the server is started, you can see the login page of Adminer at `http://your-ip:8080`.
## Exploit
Start a roguo MySQL server through [mysql-fake-server](https://github.com/4ra1n/mysql-fake-server), then paste the `fileread_/etc/passwd` into username field:
![](1.png)
Receive the request and the `/etc/passwd` has been written into current directory:
![](2.png)
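Review bot: "roguo" in the Exploit section ("Start a roguo MySQL server") is a typo for "rogue", and the same section should say on which side the file ends up: "the `/etc/passwd` has been written into current directory" is ambiguous, so state explicitly that `/etc/passwd` is read from the Adminer host and saved in the directory where mysql-fake-server is running. Two smaller wording fixes in the same hunk: "developed by PHP" should read "developed in PHP", and "Execute following command" should read "Execute the following command". The `docker compose up -d` fence has no language tag; tagging it `bash` matches the usual Vulhub README style and keeps the format check happy. Finally, since the description already notes the issue is "fixed in version 4.6.3", a one-line remediation note ("upgrade Adminer to 4.6.3 or later, and do not expose Adminer to untrusted networks") would make the README useful to defenders as well as to people reproducing the issue.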