POC details: dd7407b8c50c535ee87e05b05b58db6e496a2f4a

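Source
Related vulnerability
Title: Apache HTTP Server security vulnerability (CVE-2024-38475)
Description: Apache HTTP Server is an open-source web server from the US-based Apache foundation. The server is fast, reliable, and extensible through a simple API. Apache HTTP Server 2.4.59 and earlier contain a security vulnerability caused by improper output escaping, which allows an attacker to map URLs to filesystem locations that cannot be reached directly by any URL, leading to code execution or source code disclosure.
Introduction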
# CVE-2024-38475 POC

**Credit**: All credit to this guy: https://blog.orange.tw/ and https://x.com/orange_8361. All I did was make a POC script from his research.

**Introduction**: Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use backreferences or variables as the first segment of the substitution are affected. Some unsafe RewriteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.
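
To find the rules this description refers to in your own configuration, the following added example (not part of the original PoC or of Apache) lists server-context `RewriteRule` directives whose first substitution segment contains a backreference or variable, and notes which ones already carry `UnsafePrefixStat`. Assumptions: "first segment" is read as the text before the first `/` after an optional leading `/`, directives sit on one line, and the sample configuration is constructed.

```python
import re
import shlex

# Containers that put mod_rewrite in per-directory context, i.e. not "server context".
PER_DIR = re.compile(r"<(/?)(Directory|DirectoryMatch|Location|LocationMatch|Files|FilesMatch)\b", re.I)
# A backreference ($N, %N) or a variable/map expansion (%{VAR}, ${map:key}).
EXPANSION = re.compile(r"[$%](\d|\{)")

def first_segment(substitution):
    # Assumption: "first segment" = text before the first "/" after an optional leading "/".
    return substitution.lstrip("/").split("/", 1)[0]

def audit(config_text):
    """Return (line_no, verdict, directive) for server-context RewriteRules to look at."""
    findings, depth = [], 0
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        section = PER_DIR.match(line)
        if section:
            depth += -1 if section.group(1) else 1
            continue
        if depth or not line.lower().startswith("rewriterule"):
            continue
        args = shlex.split(line)[1:]  # pattern, substitution, optional [flags]
        if len(args) < 2 or not EXPANSION.search(first_segment(args[1])):
            continue
        flags = args[2].strip("[]").lower().split(",") if len(args) > 2 else []
        verdict = "opted-in" if "unsafeprefixstat" in flags else "review"
        findings.append((no, verdict, line))
    return findings

# Constructed sample configuration (not taken from the page or from a real server).
SAMPLE = r'''
<VirtualHost *:80>
    RewriteEngine On
    RewriteRule "^/docs/(.*)$" "/static/docs/$1"
    RewriteRule "^/html/(.*)$" "/$1.html"
    RewriteRule "^/(.*)$" "%{DOCUMENT_ROOT}/$1" [L,UnsafePrefixStat]
    <Directory "/var/www/app">
        RewriteRule "^(.*)$" "$1.php"
    </Directory>
</VirtualHost>
'''

if __name__ == "__main__":
    for no, verdict, line in audit(SAMPLE):
        print(f"line {no}: {verdict}: {line}")
```

Rules reported as `review` match the affected pattern and need a constrained substitution; rules reported as `opted-in` depend on the `UnsafePrefixStat` flag and should be checked for the constraint the description requires.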

I highly recommend staying with the wordlists I've used when developing this tool. The tool itself is a work in progress, and might need modifications due to the URL handling of files and directories. I've used `raft-medium-files.txt` and `raft-medium-directories.txt` while developing and testing the vulnerability on my own systems.

File snapshot

```
[4.0K]  /data/pocs/dd7407b8c50c535ee87e05b05b58db6e496a2f4a
├── [1.9K]  CVE-2024-38475.py
├── [245K]  raft-medium-directories.txt
├── [219K]  raft-medium-files.txt
└── [1.1K]  README.md

0 directories, 4 files
```