## https://sploitus.com/exploit?id=D5084D51-C8DF-5CBA-BC26-ACF2E33F8E52
# CVE-2022-31813 Vulnerability Checker
**Author**: Derek Odiorne
**GitHub**: [@dodiorne](https://github.com/dodiorne)
**Version**: 1.2
**Last Updated**: May 21, 2025
**MITRE ATT&CK Technique**: [T1190 - Exploit Public-Facing Application](https://attack.mitre.org/techniques/T1190/)
---
## Description
This tool is a **black-box vulnerability scanner** for detecting **CVE-2022-31813**, a path traversal and access control bypass vulnerability in **Apache HTTP Server ≤ 2.4.53** using `mod_proxy` and `ProxyPassMatch`.
It is designed for **penetration testers and red team operators** who want a non-intrusive and observable method to detect this vulnerability without requiring access to server configurations.
---
## Features
- Tests multiple bypass vectors using crafted HTTP requests
- Provides **clear vulnerability verdict** per host
- **Color-coded terminal output** for fast interpretation
- **Screenshots** each request via headless browser for forensics
- Logs all results into a structured **CSV report**
- MITRE ATT&CK reference included for operational reporting
---
## Tested On
- Python 3.8+
- Debian / Ubuntu / Kali Linux
- Google Chrome + ChromeDriver
---
## Install Requirements
```bash
pip install requests selenium pandas --break-system-packages
```
Ensure ChromeDriver is installed and in your PATH.

---
## Usage
### Scan a Single Host (port 80 by default)
```bash
python3 cve_2022_31813_checker.py -t example.com
```
### Scan a Host on a Specific Port
```bash
python3 cve_2022_31813_checker.py -t example.com --port 8080
```
### Scan Multiple Hosts
Create a `targets.txt` file:
```
example.com
192.168.1.10
web.server.org
```
Then run:
```bash
python3 cve_2022_31813_checker.py -f targets.txt --port 8000
```
---
## Output
After execution, you'll get a directory like:
```
cve_31813_output_20250521_153000/
├── results.csv
└── screenshots/
    ├── example_com_80__app_.._admin.png
    └── ...
```
---
## Example Usage
The script supports scanning single or multiple hosts, using either HTTP or HTTPS, with automatic fallback detection for HTTPS redirection.
### Scan a Single Target (Default: HTTP on port 80)
```bash
python3 cve_2022_31813_checker.py -t example.com
```
### Scan a Single Target on HTTPS (port 443)
```bash
python3 cve_2022_31813_checker.py -t example.com --scheme https --port 443
```
### Scan a Single Target on a Custom Port (e.g., 8080)
```bash
python3 cve_2022_31813_checker.py -t example.com --port 8080
```
### Scan Multiple Targets from a File
Create a `targets.txt` file like:
```
example.com
192.168.1.100
secure.company.org
```
Then run:
```bash
python3 cve_2022_31813_checker.py -f targets.txt
python3 cve_2022_31813_checker.py -f targets.txt --scheme https --port 443
```