Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2021-43008 PoC — SOURCEFORGE Adminer安全漏洞

Source
https://github.com/p0dalirius/CVE-2021-43008-AdminerRead
Associated Vulnerability
Title:SOURCEFORGE Adminer安全漏洞 (CVE-2021-43008)
Description:Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.
Description
Exploit tool for CVE-2021-43008 Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability
Readme
# CVE-2021-43008 - AdminerRead

<p align="center">
    Exploit tool for Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability 
    <br>
    <img alt="GitHub release (latest by date)" src="https://img.shields.io/github/v/release/p0dalirius/AdminerRead">
    <a href="https://twitter.com/intent/follow?screen_name=podalirius_" title="Follow"><img src="https://img.shields.io/twitter/follow/podalirius_?label=Podalirius&style=social"></a>
    <a href="https://www.youtube.com/c/Podalirius_?sub_confirmation=1" title="Subscribe"><img alt="YouTube Channel Subscribers" src="https://img.shields.io/youtube/channel/subscribers/UCF_x5O7CSfr82AfNVTKOv_A?style=social"></a>
    <br>
</p>

![](./docs/banner.png)

## Installation

```
git clone https://github.com/p0dalirius/AdminerRead
cd AdminerRead
sudo python3 setup.py install
```

## Usage

![](./docs/adminer.gif)

## Vulnerable versions

Adminer version 1.0 up to version 4.6.2 (included) File Read Vulnerability

![](./docs/vulnerable_versions.gif)

 ➡️ More detailed information about impacted versions in ![Vulnerable versions](./docs/Vulnerable_versions.md)

## Contributing

Pull requests are welcome. Feel free to open an issue if you want to add other features.

## References
 - http://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability
 - https://podalirius.net/en/articles/writing-an-exploit-for-adminer-4.6.2-arbitrary-file-read-vulnerability/
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →