关联漏洞
Description
Some docker images to play with CVE-2021-41773 and CVE-2021-42013
介绍
# CVE-2021-41773-Playground
Some docker images to play with CVE-2021-41773 and CVE-2021-42013
run `docker compose up -d` to spin up all the containers.
Servers will run on ports 8080, 8081, 8082, and 8083.
- 8080 contains an Apache 2.4.49 with CGI disabled.
- 8081 contains an Apache 2.4.49 with CGI enabled.
- 8082 contains an Apache 2.4.50 with CGI disabled.
- 8083 contains an Apache 2.4.50 with CGI enabled.
There are some flags on each server at /flag.txt See if you can grab them :)
There is a special flag hidden on the server on 8083 which requires a reverse shell (in principle)
文件快照
[4.0K] /data/pocs/50b9a86d0c5d905249477a1bf1e53e62c6b96368
├── [4.0K] apache-2.4.49
│ ├── [ 94] Dockerfile
│ ├── [ 29] flag.txt
│ └── [ 20K] httpd.conf
├── [4.0K] apache-2.4.49-cgi
│ ├── [ 94] Dockerfile
│ ├── [ 17] flag.txt
│ └── [ 20K] httpd.conf
├── [4.0K] apache-2.4.50
│ ├── [ 94] Dockerfile
│ ├── [ 24] flag.txt
│ └── [ 20K] httpd.conf
├── [4.0K] apache-2.4.50-cgi
│ ├── [ 175] Dockerfile
│ ├── [ 22] flag.txt
│ ├── [ 20K] httpd.conf
│ └── [ 32] root.txt
├── [ 545] docker-compose.yaml
└── [ 593] README.md
4 directories, 15 files
备注
1. 建议优先通过来源进行访问。
2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →