关联漏洞
标题:
Apache HTTP Server 安全漏洞
(CVE-2021-42013)
描述:Apache HTTP Server是美国阿帕奇(Apache)基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。 Apache HTTP Server 存在安全漏洞,该漏洞源于发现 Apache HTTP Server 2.4.50 版本中对 CVE-2021-41773 的修复不够充分。攻击者可以使用路径遍历攻击将 URL 映射到由类似别名的指令配置的目录之外的文件。如果这些目录之外的文件不受通常的默认配置“要求全部拒绝”的保护,则这些请求可能会成功。如果还为这些别
描述
A powerful and reliable exploit tool for Apache HTTP Server vulnerabilities CVE-2021-41773 and CVE-2021-42013. This tool provides remote code execution capabilities on vulnerable Apache 2.4.49 and 2.4.50 servers.
介绍
### 🚀 Overview
This exploit tool targets path traversal and remote code execution vulnerabilities in Apache HTTP Server versions 2.4.49 and 2.4.50. The tool uses curl backend to bypass URL encoding issues that affect other Python-based exploit attempts, providing reliable exploitation even when other tools fail.
<img width="702" height="617" alt="Screenshot 2025-10-28 at 18 59 44" src="https://github.com/user-attachments/assets/784dde42-0ae8-4fb4-82c6-ec87c5f7e1d5" />
⚡ Features
🔧 Multiple Payload Support: Tests various exploitation paths and techniques
💻 Interactive Shell: Full interactive command execution with auto-completion
🔄 Auto Reverse Shell: Automatic reverse shell generation with multiple payload types
🔍 System Reconnaissance: Quick system information gathering and enumeration
🚀 Curl Backend: Bypasses URL encoding limitations that break other tools
🖥️ Cross-Platform: Works on Linux, Windows, and macOS
📦 No Dependencies: Uses only built-in Python libraries and system tools
🎯 Smart Detection: Automatically detects Apache version and vulnerability status
### 🎯 Vulnerabilities
```
CVE-2021-41773
Affected Versions: Apache 2.4.49
Description: Path traversal vulnerability allowing access to files outside web root
CVSS Score: 7.5 (High)
Impact: Information disclosure, limited file access
```
```
CVE-2021-42013
Affected Versions: Apache 2.4.50
Description: Remote Code Execution vulnerability when CGI is enabled
CVSS Score: 9.8 (Critical)
Impact: Full system compromise, arbitrary command execution
```
### 📥 Installation bash
# Clone the repository
```
git clone https://github.com/FakhriCRD/apache-cve-2021-42013-exploit.git
cd apache-cve-2021-42013-exploit
```
# Make executable
```
chmod +x exploit.py
```
# Verify curl is available (required)
```
curl --version
```
# No additional Python dependencies required!
Requirements
Python 3.6+
curl (system command)
netcat (for reverse shell functionality)
### 🛠️ Usage
Basic Syntax
bash
```
python3 apache_exploit.py -u <TARGET_URL> [OPTIONS]
Options
Option Description Example
-u, --url Target URL (required) -u http://target.com
-c, --command Execute single command -c "whoami"
-i, --interactive Start interactive shell -i
-r, --reverse Auto generate reverse shell -r
-s, --scan Perform system reconnaissance -s
-lh, --lhost Local IP for reverse shell -lh 192.168.1.100
-lp, --lport Local port for reverse shell -lp 4444
```
文件快照
[4.0K] /data/pocs/098276c34a05eb64477b75a9316cb751ac8c40a6
├── [ 10K] exploit.py
└── [2.4K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。