Estensioni PHP eseguibili

Verifica quali estensioni sta eseguendo il server Apache. Per cercarle puoi eseguire:

grep -R -B1 "httpd-php" /etc/apache2

Inoltre, alcuni luoghi in cui è possibile trovare questa configurazione sono:

/etc/apache2/mods-available/php5.conf
/etc/apache2/mods-enabled/php5.conf
/etc/apache2/mods-available/php7.3.conf
/etc/apache2/mods-enabled/php7.3.conf

CVE-2021-41773

Vulnerability Description

CVE-2021-41773 is a vulnerability in the Apache HTTP Server that allows remote attackers to execute arbitrary code or disclose sensitive information. This vulnerability affects Apache versions 2.4.49 and prior.

Exploitation

To exploit this vulnerability, an attacker can send a specially crafted HTTP request to the server, targeting the vulnerable mod_proxy module. By including a directory traversal sequence in the request, the attacker can access files outside the web root directory.

Impact

The impact of this vulnerability is significant, as it allows an attacker to view sensitive files, such as configuration files, credentials, or source code. Additionally, if the server is misconfigured, the attacker may be able to execute arbitrary code, leading to remote code execution.

Mitigation

To mitigate this vulnerability, it is recommended to upgrade to Apache version 2.4.50 or later, which includes a patch for this issue. Additionally, it is important to ensure that the server is properly configured and restricts access to sensitive files and directories.

References

• Apache Security Advisory

• CVE-2021-41773 on NVD

curl http://172.18.0.15/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh --data 'echo Content-Type: text/plain; echo; id; uname'
uid=1(daemon) gid=1(daemon) groups=1(daemon)
Linux