关联漏洞
描述
Some docker images to play with CVE-2021-41773 and CVE-2021-42013
介绍
# CVE-2021-41773-Playground
Some docker images to play with CVE-2021-41773 and CVE-2021-42013
run `docker compose up -d` to spin up all the containers.
Servers will run on ports 8080, 8081, 8082, and 8083.
- 8080 contains an Apache 2.4.49 with CGI disabled.
- 8081 contains an Apache 2.4.49 with CGI enabled.
- 8082 contains an Apache 2.4.50 with CGI disabled.
- 8083 contains an Apache 2.4.50 with CGI enabled.
There are some flags on each server at /flag.txt See if you can grab them :)
There is a special flag hidden on the server on 8083 which requires a reverse shell (in principle)
文件快照
[4.0K] /data/pocs/50b9a86d0c5d905249477a1bf1e53e62c6b96368
├── [4.0K] apache-2.4.49
│ ├── [ 94] Dockerfile
│ ├── [ 29] flag.txt
│ └── [ 20K] httpd.conf
├── [4.0K] apache-2.4.49-cgi
│ ├── [ 94] Dockerfile
│ ├── [ 17] flag.txt
│ └── [ 20K] httpd.conf
├── [4.0K] apache-2.4.50
│ ├── [ 94] Dockerfile
│ ├── [ 24] flag.txt
│ └── [ 20K] httpd.conf
├── [4.0K] apache-2.4.50-cgi
│ ├── [ 175] Dockerfile
│ ├── [ 22] flag.txt
│ ├── [ 20K] httpd.conf
│ └── [ 32] root.txt
├── [ 545] docker-compose.yaml
└── [ 593] README.md
4 directories, 15 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。