Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)! Njia nyingine za kusaidia HackTricks: * Ikiwa unataka kuona **kampuni yako inatangazwa kwenye HackTricks** au **kupakua HackTricks kwa PDF** Angalia [**MPANGO WA KUJIUNGA**](https://github.com/sponsors/carlospolop)! * Pata [**swag rasmi ya PEASS & HackTricks**](https://peass.creator-spring.com) * Gundua [**The PEASS Family**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa kipekee wa [**NFTs**](https://opensea.io/collection/the-peass-family) * **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.** * **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.
# Vipengele vya PHP vinavyoweza kutekelezwa Angalia vipengele ambavyo Apache server inatekeleza. Unaweza kuyatafuta kwa kutekeleza: ```bash grep -R -B1 "httpd-php" /etc/apache2 ``` Pia, maeneo kadhaa ambapo unaweza kupata usanidi huu ni: ```bash /etc/apache2/mods-available/php5.conf /etc/apache2/mods-enabled/php5.conf /etc/apache2/mods-available/php7.3.conf /etc/apache2/mods-enabled/php7.3.conf ``` # CVE-2021-41773 ## Description CVE-2021-41773 is a vulnerability in the Apache HTTP Server that allows remote attackers to execute arbitrary code or disclose sensitive information. This vulnerability affects Apache versions 2.4.49 and prior. ## Exploitation To exploit this vulnerability, an attacker can send a specially crafted HTTP request to the vulnerable server. By including a directory traversal sequence in the request, the attacker can access files outside of the server's document root directory. ## Impact The impact of this vulnerability can be severe. An attacker can potentially gain unauthorized access to sensitive files, such as configuration files, user data, or even execute arbitrary code on the server. ## Mitigation To mitigate this vulnerability, it is recommended to upgrade to Apache version 2.4.50 or later. Additionally, it is advised to implement proper access controls and restrict access to sensitive files and directories. ## References - [CVE-2021-41773 - Apache HTTP Server Directory Traversal Vulnerability](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41773) - [Apache HTTP Server](https://httpd.apache.org/) ```bash curl http://172.18.0.15/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh --data 'echo Content-Type: text/plain; echo; id; uname' uid=1(daemon) gid=1(daemon) groups=1(daemon) Linux ```
Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)! Njia nyingine za kusaidia HackTricks: * Ikiwa unataka kuona **kampuni yako ikionekana katika HackTricks** au **kupakua HackTricks kwa muundo wa PDF** Angalia [**MPANGO WA KUJIUNGA**](https://github.com/sponsors/carlospolop)! * Pata [**swag rasmi ya PEASS & HackTricks**](https://peass.creator-spring.com) * Gundua [**The PEASS Family**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee * **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.** * **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwenye** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.