SSRF patch bypass in latest version (4.7.7)

Database management in a single PHP file

Brought to you by: jakubvrana

#769 SSRF patch bypass in latest version (4.7.7)

Milestone: 4.7.7

Status: closed-fixed

Owner: Jakub Vrána

Labels: bug (11) vulnerability (1) Security Bypass (1)

Priority: 7

Updated: 2021-02-22

Created: 2020-11-11

Creator: Gus Ralph

Private: No

The latest version of Adminer can be abused as a HTTP client by using the ClickHouse driver.

The current fix for the SSRF issue is a simple check that verifies if the specified port is a privileged one.

This can be bypassed by using URL comments, or even slashes. For example, if you set the server parameter to:
"localhost:80#"
It will bypass the check, and allow for the malicious actor to hit internal, privileged ports.

Discussion

Jakub Vrána - 2020-12-06

status: open --> closed-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Jakub Vrána - 2020-12-06

Fixed, thanks.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Jakub Vrána - 2021-02-22

private: Yes --> No
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

SSRF patch bypass in latest version (4.7.7)

Database management in a single PHP file

Group

Searches

Help

#769 SSRF patch bypass in latest version (4.7.7)

Discussion