CVE-2021-41773

Quick proof of concept

The script check for LFI and RCE in Apache 2.4.49, you can test a single target or a list. Make sure you specify HTTP or HTTPS for a single target.

Test only if you're authorized, be smart.

Example usage:

python3 cve2021-41773.py -target DOMAIN/IP -protocol HTTP/HTTPS -file domain_list.txt

Using a list of targets:

python3 cve2021-41773.py -file domain_list.txt

Testing a single target:

python3 cve2021-41773.py -target example.com -protocol HTTP

Contact:

Twitter – @0xAlmighty – MHhhbG1pZ2h0eUBwcm90b25tYWlsLmNvbQ==