本软件首先集成危害性较大框架和部分主流cms的rce(无需登录,或者登录绕过执行rce)和反序列化(利用链简单)。傻瓜式导入url即可实现批量getshell。批量自动化测试。例如:Thinkphp,Struts2,weblogic。出现的最新漏洞进行实时跟踪并且更新例如:log4jRCE,向日葵 禅道RCE 瑞友天翼应用虚拟化系统sql注入导致RCE大华智慧园区上传,金蝶云星空漏洞等等.

Apache2 2.4.49 - LFI & RCE Exploit - CVE-2021-41773

A framework for bug hunting or pentesting targeting websites that have CVE-2021-41773 Vulnerability in public

Tool check: CVE-2021-41773, CVE-2021-42013, CVE-2020-17519

MASS CVE-2021-41773

Detectar vulnerabilidades script con nmap

Apache (Linux) CVE-2021-41773/2021-42013 Mass Vulnerability Checker

CVE-2021-41773&CVE-2021-42013图形化漏洞检测利用工具

This exploit is based on a few CVE vulnerabilities affecting Apache 2.4.49. We use URL-encoded characters to access certain files or otherwise restricted resources on the server. Possible RCE on certain systems as well.

CVE-2021-41773 | CVE-2021-42013 Exploit Tool (Apache/2.4.49-2.4.50)

CVE PoC

LFI / RCE Unauthenticated - Apache 2.4.49 & 2.4.50

CVE-2021-41773: Path Traversal Zero-Day in Apache HTTP Server Exploited

Essay (and PoCs) about CVE-2021-41773, a remote code execution vulnerability in Apache 2.4.49 🕸️

These Metasploit, Nmap, Python and Ruby scripts detects and exploits CVE-2021-41773 with RCE and local file disclosure.

Lab setup for CVE-2021-41773 (Apache httpd 2.4.49) and CVE-2021-42013 (Apache httpd 2.4.50).

A little demonstration of cve-2021-41773 on httpd docker containers

Docker container lab to play/learn with CVE-2021-41773

Vulnerable configuration Apache HTTP Server version 2.4.49