walnutsecurity/cve-2021-41773

cve-2021-41773.py is a python script that will help in finding Path Traversal or Remote Code Execution vulnerability in Apache 2.4.49

Apache 2.4.49 - Path Traversal or Remote Code Execution

cve-2021-41773.py is a python script that will help in finding Path Traversal or Remote Code Execution vulnerability in Apache 2.4.49. Vulnerable instance of Docker is provided to get your hands dirty on CVE-2021-41773

If CGI-BIN is enabled than, we can perform Remote Code Execution but not Path Traversal, so "icons" directory has been added under Alias section in httpd.conf for checking Path Traversal vulnerability.

Vulnerable Configurations in httpd.conf

1. Enable CGI-BIN
2. Add "icons" directory in Alias section
3. <Directory>Require all granted</Directory>

Lab for CVE-2021-41773

Build Docker

$ docker build -t cve-2021-41773 .

Run Docker

$ docker run -it cve-2021-41773

Usage cve-2021-41773.py

Check for Path Traversal and Remote Code Execution

$ python3 cve-2021-41773.py -u http://172.17.0.2

Path Traversal PoC

$ python3 cve-2021-41773.py -u http://172.17.0.2 -pt

Remote Code Execution PoC

$ python3 cve-2021-41773.py -u http://172.17.0.2 -rce

For bulk scanning, provide a text file containing IPs:

$ python3 cve-2021-41773.py -l list.txt

$ python3 cve-2021-41773.py -l list.txt -pt

$ python3 cve-2021-41773.py -l list.txt -rce

More information can be found here.

References

• https://nvd.nist.gov/vuln/detail/CVE-2021-41773
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41773
• https://httpd.apache.org/security/vulnerabilities_24.html
• https://www.cve.org/CVERecord?id=CVE-2021-41773
• https://walnutsecurity.com/path-traversal-remote-code-execution-in-apache/