Course

This challenge focuses on exploiting CVE-2021-41773, a vulnerability in Apache Httpd 2.4.49 that enables attackers to read local files on the server. The issue is triggered by using a path containing a directory traversal sequence with ".%2e", allowing access to files like "/etc/passwd".

The course demonstrates how to exploit this vulnerability through a Server-Side Request Forgery (SSRF) attack. By modifying the URL to include the payload "cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd", participants can successfully read the targeted file. This lab provides a practical understanding of directory traversal and SSRF exploitation techniques.