## https://sploitus.com/exploit?id=0C5893BE-D12E-550A-A773-CCA8D215504F
# CVE-2021-41773 Exploit Development Demo
This repository demonstrates the identification, testing, and proof-of-concept exploitation of **CVE-2021-41773**, a path traversal vulnerability in Apache HTTP Server 2.4.49.
## Vulnerability Overview
**CVE-2021-41773** is a path traversal and file disclosure vulnerability affecting Apache HTTP Server versions 2.4.49.
A flaw in path normalization allowed attackers to bypass restrictions and map URLs to files outside the expected document root using specially encoded sequences (e.g., `.%2e/` which decodes to `../`).
If files outside the document root are not properly protected (e.g., missing `Require all denied` in ``), an attacker can:
- Read arbitrary files (such as `/etc/passwd`)
- In some configurations with CGI enabled, achieve remote code execution (RCE)
**Affected Versions**: Apache HTTP Server 2.4.49
**Patched Versions**: Apache HTTP Server 2.4.50 and later
**CVSS Score**: 7.5 (High) โ CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
**References**:
- [NVD - CVE-2021-41773](https://nvd.nist.gov/vuln/detail/CVE-2021-41773)
- [Apache Security Advisory](https://httpd.apache.org/security/vulnerabilities_24.html)
- [Qualys Analysis](https://blog.qualys.com/vulnerabilities-threat-research/2021/10/27/apache-http-server-path-traversal-remote-code-execution-cve-2021-41773-cve-2021-42013)
## Repository Contents
- `script.py` โ Python exploit script to test and exploit the vulnerability (dumps `/etc/passwd` if vulnerable)
- `report.py` โ Python script to generate a professional PDF report with screenshots and explanations
- `screenshots-cve-41773/` โ Folder containing proof screenshots:
- `1.png` โ Basic server response ("It works!")
- `2.png` โ Incorrect URL syntax test
- `3.png` โ Correct basic access confirmation
- `4.png` โ 404 on invalid path
- `5.png` โ Successful path traversal exploit showing `/etc/passwd` contents
- `report.pdf` (generated) โ Final PDF report with embedded screenshots and step-by-step documentation
## Setup and Reproduction Environment
This demo uses a Dockerized Apache 2.4.49 instance with CGI enabled and misconfigured directory permissions for educational purposes only.
### Docker Setup (from project root)
```bash
docker build -t apache-41773 .
docker run -d -p 8080:80 --name apache41773 apache-41773