漏洞平台

POC详情： 81eb7ec65b45afa52e7af106bae94313268a6b1c

来源

https://github.com/walnutsecurity/cve-2021-41773

关联漏洞

标题： Apache HTTP Server 路径遍历漏洞 (CVE-2021-41773)
描述：Apache HTTP Server是美国阿帕奇（Apache）基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。 Apache HTTP Server 2.4.49版本存在路径遍历漏洞，攻击者可利用该漏洞使用路径遍历攻击将URL映射到预期文档根以外的文件。

描述

cve-2021-41773.py is a python script that will help in finding Path Traversal or Remote Code Execution vulnerability in Apache 2.4.49

介绍

# Apache 2.4.49 - Path Traversal or Remote Code Execution
cve-2021-41773.py is a python script that will help in finding Path Traversal or Remote Code Execution vulnerability in [Apache 2.4.49](https://archive.apache.org/dist/httpd/httpd-2.4.49.tar.gz). Vulnerable instance of Docker is provided to get your hands dirty on [CVE-2021-41773](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41773)

If CGI-BIN is enabled than, we can perform Remote Code Execution but not Path Traversal, so "icons" directory has been added under Alias section in httpd.conf for checking Path Traversal vulnerability.

# Vulnerable Configurations in httpd.conf
```
1. Enable CGI-BIN
2. Add "icons" directory in Alias section
3. <Directory>Require all granted</Directory>
```

# Lab for CVE-2021-41773
### Build Docker
```
$ docker build -t cve-2021-41773 .
```
### Run Docker
```
$ docker run -it cve-2021-41773
```

# Usage cve-2021-41773.py
### Check for Path Traversal and Remote Code Execution
```
$ python3 cve-2021-41773.py -u http://172.17.0.2
```

### Path Traversal PoC
```
$ python3 cve-2021-41773.py -u http://172.17.0.2 -pt
```

### Remote Code Execution PoC
```
$ python3 cve-2021-41773.py -u http://172.17.0.2 -rce
```

### For bulk scanning, provide a text file containing IPs:
```
$ python3 cve-2021-41773.py -l list.txt
```
```
$ python3 cve-2021-41773.py -l list.txt -pt
```
```
$ python3 cve-2021-41773.py -l list.txt -rce
```

More information can be found [here](https://walnutsecurity.com/path-traversal-remote-code-execution-in-apache/).

### References
* https://nvd.nist.gov/vuln/detail/CVE-2021-41773
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41773
* https://httpd.apache.org/security/vulnerabilities_24.html
* https://www.cve.org/CVERecord?id=CVE-2021-41773
* https://walnutsecurity.com/path-traversal-remote-code-execution-in-apache/

文件快照


 [4.0K]  /data/pocs/81eb7ec65b45afa52e7af106bae94313268a6b1c
├── [5.6K]  cve-2021-41773.py
├── [ 416]  Dockerfile
├── [ 18K]  httpd.conf
└── [1.8K]  README.md

0 directories, 4 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。