PoC details: b8f240a3536974044aea5a67d43d670ebc24fc78

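Source
Related vulnerability
Title: Apache HTTP Server path traversal vulnerability (CVE-2021-41773)
Description: Apache HTTP Server is an open-source web server from the Apache Software Foundation (USA). The server is fast, reliable, and extensible through a simple API. Apache HTTP Server version 2.4.49 contains a path traversal vulnerability that an attacker can exploit, using a path traversal attack, to map URLs to files outside the expected document root.
Description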
Essay (and PoCs) about CVE-2021-41773, a remote code execution vulnerability in Apache 2.4.49 🕸️
Introduction
# CVE-2021-41773 Essay 🕸️

## Description 🖼️

This repository contains an essay about CVE-2021-41773, a remote code execution vulnerability in Apache 2.4.49. It was created for a course at the Faculty of Automatic Control and Computers, University POLITEHNICA of Bucharest, namely "*Cyberdefences and Cyberintelligence*".

## Folder Structure 📁

The folder structure is as follows:
- **[`demo`](demo)**: A proof of concept consisting of a Docker Compose setup with two containers: a vulnerable web server and an attacker with a Python exploit script.
- **[`document`](document)**: The LaTeX project and the exported document.
- **[`presentation`](presentation)**: The LaTeX project and the exported presentation.

## Preview 👀

| Document                                                                                                           | Presentation                                                                                                                   |
| ------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------ |
| <a href="document/export.pdf"><kbd><img src="document/preview.png" width="400px" alt="Document preview"></kbd></a> | <a href="presentation/export.pdf"><kbd><img src="presentation/preview.png" width="400px" alt="Presentation preview"></kbd></a> |
File snapshot

```
[4.0K] /data/pocs/b8f240a3536974044aea5a67d43d670ebc24fc78
├── [4.0K] demo
│   ├── [4.0K] attacker
│   │   ├── [ 122] Dockerfile
│   │   └── [ 443] exploit.sh
│   ├── [ 233] docker-compose.yaml
│   ├── [ 737] README.md
│   └── [4.0K] server
├── [4.0K] document
│   ├── [ 78K] export.pdf
│   ├── [406K] preview.png
│   └── [4.0K] project
│       ├── [2.0K] bibliography.bib
│       ├── [275K] IEEEtran.cls
│       └── [7.5K] main.tex
├── [4.0K] presentation
│   ├── [126K] export.pdf
│   ├── [ 35K] preview.png
│   └── [4.0K] project
│       ├── [ 574] configuration.tex
│       ├── [4.0K] images
│       │   └── [7.2K] acs.jpg
│       ├── [2.6K] main.sty
│       └── [2.8K] main.tex
├── [1.5K] README.md
└── [ 373] update_previews.sh

8 directories, 17 files
```