本软件首先集成危害性较大框架和部分主流cms的rce(无需登录,或者登录绕过执行rce)和反序列化(利用链简单)。傻瓜式导入url即可实现批量getshell。批量自动化测试。例如:Thinkphp,Struts2,weblogic。出现的最新漏洞进行实时跟踪并且更新例如:log4jRCE,向日葵RCE 等等.
Apache2 2.4.49 - LFI & RCE Exploit - CVE-2021-41773
A framework for bug hunting or pentesting targeting websites that have CVE-2021-41773 Vulnerability in public
Tool check: CVE-2021-41773, CVE-2021-42013, CVE-2020-17519
Scripts de nmap , para detectar vulnerabilidades
Apache (Linux) CVE-2021-41773/2021-42013 Mass Vulnerability Checker
This exploit is based on a few CVE vulnerabilities affecting Apache 2.4.49. We use URL-encoded characters to access certain files or otherwise restricted resources on the server. Possible RCE on certa...
CVE-2021-41773 | CVE-2021-42013 Exploit Tool (Apache/2.4.49-2.4.50)
LFI / RCE Unauthenticated - Apache 2.4.49 & 2.4.50
CVE-2021-41773: Path Traversal Zero-Day in Apache HTTP Server Exploited
Lab setup for CVE-2021-41773 (Apache httpd 2.4.49) and CVE-2021-42013 (Apache httpd 2.4.50).
Essay (and PoCs) about CVE-2021-41773, a remote code execution vulnerability in Apache 2.4.49 🕸️
Apache-HTTP-Server-2.4.50-RCE This tool is designed to test Apache servers for the CVE-2021-41773 / CVE-2021-42013 vulnerability. It is intended for educational purposes only and should be used respon...
These Metasploit, Nmap, Python and Ruby scripts detects and exploits CVE-2021-41773 with RCE and local file disclosure.
A little demonstration of cve-2021-41773 on httpd docker containers
Vulnerable configuration Apache HTTP Server version 2.4.49