cve-2021-41773

本软件首先集成危害性较大框架和部分主流cms的rce(无需登录,或者登录绕过执行rce)和反序列化(利用链简单)。傻瓜式导入url即可实现批量getshell。批量自动化测试。例如:Thinkphp,Struts2,weblogic。出现的最新漏洞进行实时跟踪并且更新例如:log4jRCE,向日葵RCE 等等.

Apache2 2.4.49 - LFI & RCE Exploit - CVE-2021-41773

A framework for bug hunting or pentesting targeting websites that have CVE-2021-41773 Vulnerability in public

Tool check: CVE-2021-41773, CVE-2021-42013, CVE-2020-17519

MASS CVE-2021-41773

Scripts de nmap , para detectar vulnerabilidades

Apache (Linux) CVE-2021-41773/2021-42013 Mass Vulnerability Checker

This exploit is based on a few CVE vulnerabilities affecting Apache 2.4.49. We use URL-encoded characters to access certain files or otherwise restricted resources on the server. Possible RCE on certain systems as well.

CVE-2021-41773&CVE-2021-42013图形化漏洞检测利用工具

CVE-2021-41773 | CVE-2021-42013 Exploit Tool (Apache/2.4.49-2.4.50)

LFI / RCE Unauthenticated - Apache 2.4.49 & 2.4.50

CVE-2021-41773: Path Traversal Zero-Day in Apache HTTP Server Exploited

CVE PoC

Lab setup for CVE-2021-41773 (Apache httpd 2.4.49) and CVE-2021-42013 (Apache httpd 2.4.50).

Essay (and PoCs) about CVE-2021-41773, a remote code execution vulnerability in Apache 2.4.49 🕸️

Apache-HTTP-Server-2.4.50-RCE This tool is designed to test Apache servers for the CVE-2021-41773 / CVE-2021-42013 vulnerability. It is intended for educational purposes only and should be used responsibly on systems you have explicit permission to test.

These Metasploit, Nmap, Python and Ruby scripts detects and exploits CVE-2021-41773 with RCE and local file disclosure.

A little demonstration of cve-2021-41773 on httpd docker containers

Vulnerable configuration Apache HTTP Server version 2.4.49