## https://sploitus.com/exploit?id=D5084D51-C8DF-5CBA-BC26-ACF2E33F8E52
# CVE-2022-31813 Vulnerability Checker

**Author**: Derek Odiorne  
**GitHub**: [@dodiorne](https://github.com/dodiorne)  
**Version**: 1.2  
**Last Updated**: May 21, 2025  
**MITRE ATT&CK Technique**: [T1190 – Exploit Public-Facing Application](https://attack.mitre.org/techniques/T1190/)

---

## Description

This tool is a **black-box vulnerability scanner** for detecting **CVE-2022-31813**, a path traversal and access control bypass vulnerability in **Apache HTTP Server ≤ 2.4.53** using `mod_proxy` and `ProxyPassMatch`.

It is designed for **penetration testers and red team operators** who want a non-intrusive and observable method to detect this vulnerability without requiring access to server configurations.
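
As a complementary triage step when a host's `Server` response header is visible, the affected range stated above (≤ 2.4.53) can be checked against the banner. This is an added example, not part of the checker script; the function names and sample banners are constructed, and a banner is only a hint because distributions backport fixes without changing the version string.

```python
import re

# Highest affected release according to the description above.
LAST_AFFECTED = (2, 4, 53)

# Matches a full three-part version such as "Apache/2.4.52" in a Server header.
_BANNER = re.compile(r"\bApache/(\d+)\.(\d+)\.(\d+)\b", re.IGNORECASE)


def classify_banner(server_header):
    """Classify a Server header value against the <= 2.4.53 range.

    Returns "in-affected-range", "newer" or "unknown".
    """
    if not server_header:
        return "unknown"  # header removed by a proxy or by hardening
    match = _BANNER.search(server_header)
    if match is None:
        # Bare "Apache" (ServerTokens Prod), "Apache/2.4" or another product.
        return "unknown"
    version = tuple(int(part) for part in match.groups())
    # Tuples compare numerically per component, so 2.4.9 sorts below 2.4.53.
    return "in-affected-range" if version <= LAST_AFFECTED else "newer"


def triage(inventory):
    """Map {host: Server header} to {host: classification}."""
    return {host: classify_banner(banner) for host, banner in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real scan data.
    sample = {
        "example.com": "Apache/2.4.52 (Ubuntu)",
        "192.168.1.10": "Apache/2.4.54 (Debian)",
        "web.server.org": "Apache",
    }
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```

Hosts classified as `unknown` or `in-affected-range` still need confirmation against the installed package version or the vendor's advisory.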

---

## Features

- Tests multiple bypass vectors using crafted HTTP requests
- Provides **clear vulnerability verdict** per host
- **Color-coded terminal output** for fast interpretation
- **Screenshots** each request via headless browser for forensics
- Logs all results into a structured **CSV report**
- MITRE ATT&CK reference included for operational reporting

---

## Tested On

- Python 3.8+
- Debian / Ubuntu / Kali Linux
- Google Chrome + ChromeDriver

---
## Install Requirements

```bash
pip install requests selenium pandas --break-system-packages
```

Ensure ChromeDriver is installed and in your PATH.

## Usage

### Scan a Single Host (port 80 by default)

```bash
python3 cve_2022_31813_checker.py -t example.com
```

### Scan a Host on a Specific Port

```bash
python3 cve_2022_31813_checker.py -t example.com --port 8080
```

### Scan Multiple Hosts

Create a `targets.txt` file:

```
example.com
192.168.1.10
web.server.org
```

Then run:

```bash
python3 cve_2022_31813_checker.py -f targets.txt --port 8000
```
## Output

After execution, you'll get a directory like:

```
cve_31813_output_20250521_153000/
├── results.csv
└── screenshots/
    ├── example_com_80__app_.._admin.png
    ├── ...
```

## Example Usage

The script supports scanning single or multiple hosts, using either HTTP or HTTPS, with automatic fallback detection for HTTPS redirection.

### Scan a Single Target (Default: HTTP on port 80)

```bash
python3 cve_2022_31813_checker.py -t example.com
```

### Scan a Single Target on HTTPS (port 443)

```bash
python3 cve_2022_31813_checker.py -t example.com --scheme https --port 443
```

### Scan a Single Target on a Custom Port (e.g., 8080)

```bash
python3 cve_2022_31813_checker.py -t example.com --port 8080
```

### Scan Multiple Targets from a File

Create a `targets.txt` file like:

```
example.com
192.168.1.100
secure.company.org
```

```bash
python3 cve_2022_31813_checker.py -f targets.txt
python3 cve_2022_31813_checker.py -f targets.txt --scheme https --port 443
```