Exploit for Path Traversal in Apache Http Server CVE-2021-41773 CVE-2021-42013

Name: Exploit for Path Traversal in Apache Http Server CVE-2021-41773 CVE-2021-42013
Rating: 5 (145 reviews)

2021-10-09 | CVSS 7.5

## https://sploitus.com/exploit?id=D0368327-F989-5557-A5C6-0D9ACDB4E72F
# cve-2021-41773 and cve-2021-42013

cve-2021-41773 和 cve-2021-42013 批量验证python脚本

运行环境：python3

用法：python3 poc.py url.txt

url.txt放待检测的url，存在漏洞的url会被写入success.txt

验证内容很简单，get请求发送`cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/etc/passwd`就行，但是我用requests发包发现不行，抓包发现`%2e`会被自动解码成`.`，于是采用urllib发包，发现没问题，本地测试成功。