CVE-2021-40438 PoC — mod_proxy SSRF

Source
Associated Vulnerability
Title: mod_proxy SSRF (CVE-2021-40438)
Description: A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
Readme
# CVE-2021-40438

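A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

An attacker can exploit this vulnerability by crafting the request uri-path, which causes mod_proxy to forward the request to an origin server of the attacker's choosing. The mod_proxy component of Apache HTTP Server is intended to implement proxy/gateway functionality for Apache HTTP Server.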



Apache <= 2.4.48 - Mod_Proxy SSRF




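## Solution

The fix for this vulnerability was released as part of the security update announced with Apache HTTP Server 2.4.49. Affected systems should upgrade to the latest version, 2.4.49, immediately.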
File Snapshot

    [4.0K] /data/pocs/880a122e03c8d0e6133315a408c5e98cc16bf89b
    ├── [7.7K] poc.py
    ├── [7.9K] POC批量.py
    └── [ 639] README.md

    0 directories, 3 files