Apache HTTP Server path traversal and possible RCE in 2.4.49/2.4.50

Small single-script Python exploit repository targeting Apache HTTP Server path traversal/RCE vulnerabilities CVE-2021-41773 and CVE-2021-42013. The repository contains only four files: a standard .gitignore, GPL license, a minimal README naming the Apache CVE, and the main exploit script exploit.py. The exploit script is the only code file and serves as the entry point. The script accepts four command-line arguments: target host, target port, attacker IP, and attacker port. It constructs an HTTP URL pointing to a traversal path under /cgi-bin/ that resolves to /bin/bash on the target: /cgi-bin/.%2e/.../bin/bash. It then sends a POST request using the local curl binary via subprocess.run, with a payload that prints a CGI header and launches an interactive bash reverse shell to the attacker using /dev/tcp. This makes the exploit an active RCE exploit rather than a detector. Operationally, the exploit depends on a vulnerable Apache configuration where CGI execution is reachable and the traversal flaw can be used to execute /bin/bash. It also assumes a Unix-like target with bash available and outbound network access from the victim to the attacker listener. There is no target validation, no vulnerability check, no payload customization beyond command-line callback parameters, and no error handling beyond catching subprocess exceptions. Overall, this is a straightforward proof-of-concept/operational reverse-shell exploit for vulnerable Apache 2.4.49/2.4.50 deployments.

Repository purpose: a Python-based interactive LFI/path traversal fuzzer focused on discovering and exfiltrating SSH artifacts from a vulnerable web server via file-read primitives. Key files and structure (11 files): - LFI-SSH-FUZZER.py: main tool. Implements an interactive scanner with options for advanced mode, user-agent rotation, rate limiting, proxy support, custom headers, cookie handling, timeouts, traversal depth, and redirect handling. It targets two LFI styles: (1) path-segment traversal and (2) query-parameter LFI. It confirms LFI by reading /etc/passwd, parses usernames, then attempts to locate and download SSH-related files for those users. - encoding_patterns.json: database of traversal encodings/obfuscations, including Apache-specific patterns for CVE-2021-41773 and CVE-2021-42013, plus PHP wrapper examples (php://filter, data://). - headers.json: header profiles for “bypass”/testing (X-Forwarded-For, CF headers, debug headers, etc.) to help reach internal-only routes or evade simplistic controls. - proxies.txt, cookies.txt, user_agents.txt: operator convenience lists for routing through tools (Burp/ZAP/Tor), supplying authenticated cookies, and rotating UAs. - README.md and quick_reference.md: usage notes; explicitly claims support for Apache 2.4.49/2.4.50 traversal (CVE-2021-41773) and SSH key discovery. - install_dependencies.sh: installs Python deps (colorama; optionally requests/bs4/urllib3) and creates local directories (artifacts/, config_examples/, tests/). Exploit capabilities (actionable): - Network-based exploitation of LFI/path traversal to read arbitrary local files. - Automated enumeration: reads /etc/passwd, extracts users, then hunts for SSH artifacts (keys and related files) and downloads them locally. - Bypass/fuzzing support: multiple traversal encodings (single/double/triple encoding, unicode slashes, Windows backslashes), Apache traversal variants, null-byte/wrapper patterns, and header/cookie/proxy features to operate against authenticated or filtered endpoints. No hardcoded victim infrastructure is present beyond example targets and local proxy endpoints; the actual target host/URL is provided interactively/through CLI arguments.

Repository purpose: a Python PoC/exploit helper for Apache httpd path traversal and optional CGI-based RCE affecting 2.4.49 (CVE-2021-41773) and 2.4.50 (CVE-2021-42013), plus a Docker lab to spin up a vulnerable 2.4.50 instance. Structure: - cve-2021-42013.py: main exploit script. It performs a HEAD request to the target to read the `Server` header and chooses payloads based on whether the version string contains “49” or “50”; otherwise it tries both CVEs. It supports: - Path traversal check/PoC (-pt): requests a crafted /icons/ traversal URL and considers the target vulnerable if response contains "root:". - RCE check/PoC (-rce): POSTs to a crafted /cgi-bin/ traversal URL ending in /bin/sh with body "echo;id" and considers the target vulnerable if response contains "uid=". - Bulk scanning (-l): iterates over a list of URLs. - Dockerfile: builds Apache httpd 2.4.50 from source on Ubuntu 20.04, installs it to /, copies in httpd.conf, and runs httpd in foreground. - httpd.conf: Apache configuration intended to be vulnerable for testing; README notes enabling CGI-BIN and adding an Alias for "icons" to make traversal testing possible. - README.md: usage examples and lab setup instructions. Notable implementation details/limitations: - The script is primarily a PoC/verification tool (hardcoded checks and command `id`), not a full interactive shell. - It relies on the `Server` header substring matching ("49"/"50"), which may be absent/modified; in that case it falls back to trying both payload styles. - The traversal/RCE endpoints are relative to the user-supplied base URL (e.g., http(s)://host:port + payload path).

This repository contains a Python exploit (exploit.py) targeting Apache HTTP Server vulnerabilities CVE-2021-41773 (path traversal) and CVE-2021-42013 (remote code execution). The exploit leverages a curl backend to reliably bypass URL encoding issues and execute arbitrary commands on vulnerable Apache servers. It supports multiple exploitation modes: single command execution, interactive shell, reverse shell generation (with several payload types), and system reconnaissance. The exploit is operational and requires the attacker to specify the target URL and, for reverse shells, the attacker's IP and port. The main attack vector is network-based, exploiting a crafted HTTP POST request to a path traversal endpoint that ultimately executes commands via /cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/sh. The code is self-contained, requires only Python 3.6+, curl, and netcat, and is cross-platform. The README provides detailed usage instructions and describes the vulnerabilities and their impact. No hardcoded IPs or domains are used for targeting, but the exploit does use 8.8.8.8 to determine the local IP address for reverse shell setup.

This repository contains a Python exploit script (POC-CVE.py) targeting the Apache HTTP Server Path Traversal and Remote Code Execution vulnerability (CVE-2021-42013). The exploit leverages a double-encoded path traversal sequence to access the /cgi-bin/ directory and execute arbitrary commands via /bin/sh. The script features an interactive menu with two main modes: 'scan_file' for mass scanning of targets listed in a file, and 'exploit' for direct exploitation of a single target. Upon successful exploitation, the script delivers a reverse shell payload (customized for Linux or Windows) to the attacker's specified LHOST and LPORT, providing remote command execution capabilities. The script includes advanced logging, progress bars, and user prompts for ease of use. The repository also contains a README.md with detailed usage instructions, legal disclaimers, and technical background, as well as a requirements.txt listing the necessary Python dependencies. No hardcoded IPs or domains are present; the main fingerprintable endpoint is the crafted path traversal URL used in the exploit. The exploit is operational and suitable for authorized penetration testing or research in controlled environments.

This repository provides a working proof-of-concept exploit for CVE-2021-42013, a critical path traversal and remote code execution vulnerability in Apache HTTP Server versions 2.4.49 and 2.4.50. The repository includes a Dockerfile to build a vulnerable Apache environment, a custom httpd.conf for configuration, a Bash exploit script (cve-2021-42013.sh), and a README with detailed usage instructions. The exploit script leverages a crafted HTTP request to the /cgi-bin/ path with encoded traversal sequences, allowing attackers to read arbitrary files or execute arbitrary commands if CGI is enabled. The README demonstrates how to use the script to read /etc/passwd, execute shell commands, and obtain a reverse shell. The attack vector is network-based, targeting HTTP endpoints exposed by the vulnerable Apache server. The repository is operational and suitable for security research and testing in controlled environments.

This repository contains a Python exploit script (exploit.py) targeting Apache HTTP Server versions 2.4.49 and 2.4.50, specifically for CVE-2021-41773 and CVE-2021-42013. The exploit provides two main capabilities: (1) arbitrary file read via path traversal, and (2) remote code execution (RCE) via a crafted POST request to a vulnerable CGI endpoint. The script takes command-line arguments for the target host, port, operation (rce or file), and the command or file path. It constructs specific URL payloads to exploit the vulnerabilities and provides an interactive shell for further exploitation. The repository is structured with a single exploit script, a README with usage instructions, and a license file. No hardcoded IPs or domains are present; the script dynamically targets user-specified hosts. The exploit is operational, providing a working payload for both file read and RCE, and is not part of a larger framework.

This repository provides a Python-based exploit and detection tool for Apache HTTP Server CVE-2021-42013, which affects versions 2.4.49 and 2.4.50. The exploit leverages insufficient path traversal protections to read arbitrary files (such as /etc/passwd) and, if CGI is enabled, to achieve remote code execution by sending crafted HTTP requests to /cgi-bin/bin/sh. The main script, check.py, reads a list of target IPs from ip.txt and attempts both file read and RCE exploits against each. The tool prints out which targets are vulnerable and provides the output of successful exploits. The repository includes a README.md with detailed usage instructions, vulnerability background, and example payloads. The only code file is check.py, which contains both proof-of-concept and exploit logic. The attack vector is network-based, targeting HTTP(S) endpoints. The repository is operational, providing working exploit code and detection capabilities.

This repository provides a proof-of-concept exploit for CVE-2021-42013, a path traversal vulnerability in Apache HTTP Server 2.4.50. The repository contains two files: a README.md with basic information and social media links, and a 'payload' file containing several curl commands. These commands exploit the path traversal flaw by sending HTTP requests with specially crafted URL encodings to access the /etc/passwd file on a vulnerable server. The exploit demonstrates the ability to read arbitrary files from the server's filesystem via network requests. The code is simple, written as bash commands, and serves as a demonstration rather than a weaponized or automated exploit.

This repository provides a Python script ('apache-httpd-path-traversal.py') that exploits path traversal vulnerabilities in Apache HTTP Server versions 2.4.49 and 2.4.50 (CVE-2021-41773 and CVE-2021-42013). The script can check single or multiple URLs for vulnerability, attempt to read arbitrary files (such as /etc/passwd), and, if CGI is enabled, execute arbitrary commands on the server. It uses several path traversal payloads and supports both file read and RCE modes. The script is multi-threaded for batch testing and allows customization of target directories and payloads. The repository includes a README with usage instructions, a sample 'urls.txt' for batch mode, and a 'batch_result' directory for output. The main attack vector is network-based HTTP requests targeting exposed Apache directories. The exploit is operational and can be used for both detection and exploitation, depending on the configuration of the target server.

This repository contains a Python exploit script (exploit.py) targeting CVE-2021-42013, a remote code execution vulnerability in Apache HTTP Server 2.4.50. The exploit works by sending a crafted POST request to a path-traversed CGI endpoint (/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/sh) on the target server, with the body containing a shell command to execute. The script connects directly to the target using a raw socket, constructs the HTTP request manually, and displays the output of the executed command. The repository also includes a README.md with usage instructions and a requirements.txt listing the 'colorama' dependency. The exploit demonstrates operational capability, as it allows arbitrary command execution on vulnerable servers.

This repository contains a Python exploit script (50512.py) targeting Apache HTTP Server 2.4.50 for CVE-2021-41773 and CVE-2021-42013. The exploit checks if the target server is running the vulnerable Apache version by inspecting HTTP headers. If the server is vulnerable, it attempts two attacks: (1) directory traversal to read /etc/passwd, and (2) remote code execution (RCE) if CGI is enabled, by sending a reverse shell payload to /cgi-bin/.%%32%65.../bin/bash. The attacker must provide a file with target URLs and specify their own IP and port for the reverse shell. The repository includes a README with usage instructions, a requirements file for dependencies, and a BSD license. The exploit is operational, providing a working reverse shell if successful, and is intended for educational use only.

This repository contains a Python-based proof-of-concept exploit for CVE-2021-42013, a critical remote code execution vulnerability affecting Apache HTTP Server versions 2.4.49 and 2.4.50. The exploit leverages a path traversal flaw in the handling of URLs by the server, specifically targeting the '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/sh' endpoint to bypass directory restrictions and execute arbitrary commands if CGI is enabled. The main script, 'CVE-2021-42013.py', provides both scanning and exploitation capabilities: it can test single or multiple targets for vulnerability and, if successful, deliver a bash reverse shell payload to the attacker's specified host and port. The exploit requires the attacker to provide a target URL, local host, and port for the reverse shell. The repository also includes a README.md with background information, exploitation details, and mitigation advice. The exploit is operational, providing a working reverse shell if the target is vulnerable and properly configured.

This repository provides a Python-based tool for testing Apache HTTP Server and Apache Flink installations for path traversal vulnerabilities (CVE-2021-41773, CVE-2021-42013, CVE-2020-17519). The main script (main.py) orchestrates multi-threaded HTTP(S) requests to a list or range of target IPs, using a set of crafted path traversal payloads defined in assets/exploits.json. The tool attempts to access sensitive files (such as /etc/passwd) by exploiting improper input validation in vulnerable servers. Results are logged to output files, with successful exploitation attempts recorded in output/vuln.txt. The codebase is modular, with separate modules for threading, HTTP requests, file handling, and optional Shodan integration. The tool is operational and can be used to automate the detection and exploitation of these specific path traversal vulnerabilities across multiple targets.

This repository provides a working exploit for CVE-2021-42013 (and CVE-2021-41773) affecting Apache HTTP Server versions 2.4.49 and 2.4.50. The main exploit script, cve-2021-42013.py, is a Python tool that can test for and exploit both path traversal and remote code execution vulnerabilities. It supports single-target and bulk scanning modes. The exploit works by sending specially crafted HTTP requests to vulnerable endpoints: for path traversal, it attempts to read sensitive files like /etc/passwd via the /icons/ alias; for RCE, it targets the /cgi-bin/ directory to execute arbitrary shell commands. The repository includes a Dockerfile and a vulnerable httpd.conf to facilitate local testing, allowing users to spin up a vulnerable Apache instance. The exploit is operational, providing real file read and command execution capabilities if the target is vulnerable. No framework is used; the code is standalone.

This repository contains a Python exploit script (main.py) targeting path traversal and remote code execution vulnerabilities in Apache HTTP Server versions 2.4.49 and 2.4.50 (CVE-2021-41773 and CVE-2021-42013). The exploit works by sending crafted HTTP requests to URLs on the target server, attempting to traverse directories and access sensitive files such as /etc/passwd. If CGI is enabled on the server, the script can escalate to remote code execution by sending POST requests to /cgi-bin endpoints, executing arbitrary shell commands (e.g., via /bin/bash). The script first checks the server version via HTTP headers, then attempts both file disclosure and RCE payloads depending on the configuration. The repository includes a README with background on the vulnerabilities, a requirements.txt for dependencies (requests, termcolor), and a standard MIT license. The main entry point is main.py, which takes a file containing target URLs and automates the exploitation process. No hardcoded IPs or domains are present; the script is designed to be used against user-supplied targets.

This repository contains a Bash proof-of-concept exploit (PoC.sh) and a README.md for Apache HTTP Server versions 2.4.49 and 2.4.50, targeting CVE-2021-41773 and CVE-2021-42013. The exploit leverages a path traversal vulnerability in the cgi-bin endpoint, allowing attackers to read arbitrary files (such as /etc/passwd) or achieve remote code execution by sending crafted HTTP POST requests with encoded traversal sequences. The script takes a list of target URLs and a file path or command to execute, iterating over each target and issuing the exploit request. The README provides usage instructions and context. The main attack vector is network-based, exploiting HTTP endpoints. The repository is structured simply, with one Bash exploit script and documentation.