hackerfantastic.crypto on Twitter: "Oh good, CVE-2021-41773 is in fact also RCE providing mod-cgi is enabled. An attacker can call any binary on the system and supply environment variables (that's how CGI works!) -
PoC for Apache version 2.4.29 Exploit and using the weakness of /tmp folder Global Permission by default in Linux
![HackTheBox Write-Up — Shocker (Manual, Semi-Manual, & Metasploit) | by Bradley Fell, @FellSEC | Medium HackTheBox Write-Up — Shocker (Manual, Semi-Manual, & Metasploit) | by Bradley Fell, @FellSEC | Medium](https://miro.medium.com/max/1400/1*iGPi4pV2WCAzjd5TYJun9A.png)
HackTheBox Write-Up — Shocker (Manual, Semi-Manual, & Metasploit) | by Bradley Fell, @FellSEC | Medium
![Apache mod_cgi - Shellshock- Remote Command Injection | Manually Exploit | POC | Explain in Hindi - YouTube Apache mod_cgi - Shellshock- Remote Command Injection | Manually Exploit | POC | Explain in Hindi - YouTube](https://i.ytimg.com/vi/jp0eDGrHW1A/maxresdefault.jpg)
Apache mod_cgi - Shellshock- Remote Command Injection | Manually Exploit | POC | Explain in Hindi - YouTube
![Remote Code Execution (RCE) in CGI Servlet – Apache Tomcat on Windows – CVE-2019-0232 | Nightwatch Cybersecurity Remote Code Execution (RCE) in CGI Servlet – Apache Tomcat on Windows – CVE-2019-0232 | Nightwatch Cybersecurity](https://wwwsnightwatchcybersecuritycom.files.wordpress.com/2019/04/b3.png)