
Path Traversal and RCE in Apache HTTP Server 2.4.49

Primary LanguagePython



Quick proof of concept

Python Version

The script check for LFI and RCE in Apache 2.4.49, you can test a single target or a list. Make sure you specify HTTP or HTTPS for a single target.

Test only if you're authorized, be smart.

Example usage:

python3 cve2021-41773.py -target DOMAIN/IP -protocol HTTP/HTTPS -file domain_list.txt

Using a list of targets:

python3 cve2021-41773.py -file domain_list.txt

Testing a single target:

python3 cve2021-41773.py -target example.com -protocol HTTP


Twitter – @0xAlmighty – MHhhbG1pZ2h0eUBwcm90b25tYWlsLmNvbQ==