CVE-2022-24112

Apache APISIX简介 Apache APISIX 是一个动态、实时、高性能的 API 网关， 提供负载均衡、动态上游、灰度发布、服务熔断、身份认证、可观测性等丰富的流量管理功能。Apache APISIX Dashboard 使用户可通过前端界面操作 Apache APISIX。 安全申明 本博客主要用于学习记录相关安全事件和漏洞文章，供

Apache APISIX apisix/batch-requests RCE

CVE-2022-24112 Apache APISIX apisix/batch-requests RCE

Apache APISIX Remote Code Execution (CVE-2022-24112) proof of concept exploit

Apache APISIX Remote Code Execution (CVE-2022-24112) Exploit Summary An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution When the admin key was changed or the port of Admin API was changed to a port different from the da

Apache APISIX batch-requests RCE(CVE-2022-24112)

CVE-2022-24112 Apache APISIX batch-requests RCE(CVE-2022-24112) 将目标放入urltxt python3 Apache_APISIX_RCE(CVE-2022-24112)py Cmd: <command>

CVE-2022-24112_POC

POC 收集的POC CVE-2022-24112 为了做春秋云境:CVE-2022-24112靶场环境，修改了两个POC，将M4xSec与twseptian两位师傅的POC稍作修改，适应春秋云境靶场： 春秋云境:CVE-2022-24112： Apache Apisix是美国阿帕奇（Apache）基金会的一个云原生的微服务API网关服务。该软件基于 OpenResty 和 etcd 来实现，具备动态路

CVE-2022-24112_POC

POC 收集的POC CVE-2022-24112 为了做春秋云境:CVE-2022-24112靶场环境，修改了两个POC，将M4xSec与twseptian两位师傅的POC稍作修改，适应春秋云境靶场： 春秋云境:CVE-2022-24112： Apache Apisix是美国阿帕奇（Apache）基金会的一个云原生的微服务API网关服务。该软件基于 OpenResty 和 etcd 来实现，具备动态路

CVE-2022-24112: Apache APISIX Remote Code Execution Vulnerability

CVE-2022-24112: Apache APISIX Remote Code Execution Vulnerability go run apisix-exploitgo -t <target> -c <command> Reference: nvdnistgov/vuln/detail/CVE-2022-24112 listsapacheorg/thread/dzmgf0bwfmt58rfbz611gqo2b56qyqwq

CVE-2022-24112: Apache APISIX Remote Code Execution Vulnerability

CVE-2022-24112: Apache APISIX Remote Code Execution Vulnerability go run apisix-exploitgo -t <target> -c <command> Reference: nvdnistgov/vuln/detail/CVE-2022-24112 listsapacheorg/thread/dzmgf0bwfmt58rfbz611gqo2b56qyqwq

Apache APISIX < 2.12.1 Remote Code Execution and Docker Lab

Apache APISIX &lt; 2121 Remote Code Execution and Docker Lab Let's clone using gitclone this repository, then we can navigate to apisix-docker/examples In this docker-composeyml file, we already change into image: apache/apisix:2120-alpine, because the vulnerability in this version, then let's install using docker compose QuickStart via docker-compose,we ca

Apache APISIX 2.12.1 Remote Code Execution by IP restriction bypass and using default admin AIP token

CVE-2022-24112-POC Apache APISIX 2121 Remote Code Execution by IP restriction bypass and using default admin AIP token Full walkthrough kavigihanmediumcom/apache-apisix-2-12-1-remote-code-execution-5f920b22ccff

CVE-2022-24112：Apache APISIX apisix/batch-requests RCE

CVE-2022-24112 CVE-2022-24112：Apache APISIX apisix/batch-requests RCE nuclei template ：CVE-2022-24112yaml 这个漏洞本质利用和 CVE-2021-45232 类似，都是绕过授权或未授权，来执行恶意的 route 里的 filter_func 或者 script 来执行命令 注意是事项 X-Real-IP 的值可以是 127001,localhost 或者 2130706433 pipeline 是必须项，以�