来源

关联漏洞

介绍

# Apache 2.4.50 - Path Traversal or Remote Code Execution
cve-2021-42013.py is a python script that will help in finding Path Traversal or Remote Code Execution vulnerability in [Apache 2.4.50](https://archive.apache.org/dist/httpd/httpd-2.4.50.tar.gz). Vulnerable instance of Docker is provided to get your hands dirty on [CVE-2021-42013](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42013)

If CGI-BIN is enabled than, we can perform Remote Code Execution but not Path Traversal, so "icons" directory has been added under Alias section in httpd.conf for checking Path Traversal vulnerability.

# Vulnerable Configurations in httpd.conf
```
1. Enable CGI-BIN
2. Add "icons" directory in Alias section
3. <Directory>Require all granted</Directory>
```

# Lab for CVE-2021-42013
### Build Docker
```
$ docker build -t cve-2021-42013 .
```
### Run Docker
```
$ docker run -it cve-2021-42013
```

# Usage cve-2021-42013.py
### Check for Path Traversal and Remote Code Execution
```
$ python3 cve-2021-42013.py -u http://172.17.0.2
```

### Path Traversal PoC
```
$ python3 cve-2021-42013.py -u http://172.17.0.2 -pt
```

### Remote Code Execution PoC
```
$ python3 cve-2021-42013.py -u http://172.17.0.2 -rce
```

### For bulk scanning, provide a text file containing IPs:
```
$ python3 cve-2021-42013.py -l list.txt
```
```
$ python3 cve-2021-42013.py -l list.txt -pt
```
```
$ python3 cve-2021-42013.py -l list.txt -rce
```

文件快照

 [4.0K]  /data/pocs/3d8d3d0a64d44b6e93c26963826a0ddb07ff41b5
├── [5.9K]  cve-2021-42013.py
├── [ 435]  Dockerfile
├── [ 18K]  httpd.conf
├── [1.4K]  README.md
└── [  39]  start.sh

0 directories, 5 files

备注