Mass exploitation of Apache APISIX Dashboard Unauthorized Access Vulnerability (CVE-2021-45232)
In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks: framework `droplet` is introduced on top of framework `gin`. All APIs and the authentication middleware are developed on framework `droplet`, but some APIs use the interface of framework `gin` directly and therefore bypass authentication.
Shodan Dork: title="Apache APISIX Dashboard"
Run the command below to get a list of IPs running the Apache APISIX application:
shodan search 'title="Apache APISIX Dashboard"' --fields ip_str,port --separator " " | awk '{print $1":"$2}' | tee -a temp.txt