CVE-2021-41773

This challenge covers how to read arbitrary files by leveraging CVE-2021-41773

PRO
Tier
Easy
< 1 Hr.
447
Brown Badge

Course


This challenge focuses on exploiting CVE-2021-41773, a vulnerability in Apache Httpd 2.4.49 that enables attackers to read local files on the server. The issue is triggered by using a path containing a directory traversal sequence with ".%2e", allowing access to files like "/etc/passwd".

The course demonstrates how to exploit this vulnerability through a Server-Side Request Forgery (SSRF) attack. By modifying the URL to include the payload "cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd", participants can successfully read the targeted file. This lab provides a practical understanding of directory traversal and SSRF exploitation techniques.

Want to learn more? Get started with PentesterLab Pro! GO PRO