POC详情: 3a97e6f2026a11127c900fc34184278a71cb619d

来源
https://github.com/r0otk3r/CVE-2021-41773
关联漏洞
标题: Apache HTTP Server 路径遍历漏洞 (CVE-2021-41773)
描述:Apache HTTP Server是美国阿帕奇(Apache)基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。 Apache HTTP Server 2.4.49版本存在路径遍历漏洞,攻击者可利用该漏洞使用路径遍历攻击将URL映射到预期文档根以外的文件。
介绍
# Apache Path Traversal & RCE Exploit  
**CVE-2021-41773 & CVE-2021-42013**

These are critical path traversal vulnerabilities affecting **Apache HTTP Server 2.4.49** and **2.4.50**.  
They allow attackers to:

- Access files outside the web root (LFI)
- Achieve Remote Code Execution (RCE) if CGI is enabled

Both vulnerabilities are **patched in Apache 2.4.51**.  
**Immediate upgrading is strongly recommended.**

---

##  Usage

```bash
python3 exploit.py --url <TARGET> --port [PORT] (--rce --command "COMMAND" | --lfi --path "/path/to/file")
```
Examples

-    Remote Code Execution:
````bash
python3 exploit.py --url http://192.168.1.10 --rce --command "id"
````
![RCE](https://github.com/user-attachments/assets/d666f5fc-27f5-4d58-a2ea-0918bcea69b9)

- Local File Inclusion:
```bash
python3 exploit.py --url http://192.168.1.10 --lfi --path "/etc/passwd"
````
![LFI](https://github.com/user-attachments/assets/da41505c-2b5a-40aa-b265-04e6ff11443b)

---

## ⚠️ Disclaimer
 
This exploit script is for authorized security testing, defensive research, and educational purposes only.

---

## Official Channels

- [YouTube @rootctf](https://www.youtube.com/@rootctf)
- [X @r0otk3r](https://x.com/r0otk3r)
文件快照

 [4.0K]  /data/pocs/3a97e6f2026a11127c900fc34184278a71cb619d
├── [5.2K]  exploit.py
└── [1.2K]  README.md

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。