POC details: 0e5f58062a002934d7b882e6a18006c7995ea3b1

Source
Related vulnerability
Title: Apache APISIX security vulnerability (CVE-2020-13945)
Description: Apache APISIX is a cloud-native microservice API gateway from the Apache Software Foundation. It is built on OpenResty and etcd, supports dynamic routing and hot loading of plugins, and is suited to API management in a microservice architecture. Apache APISIX has a security vulnerability that arises when a user enables the Admin API and deletes the Admin API access IP restriction rules; as a result, the default token is allowed to access APISIX management data. Affected versions: 1.2, 1.3, 1.4 and 1.5.
Description
PoC exploit for CVE-2020-13945 - Apache APISIX Remote Code Execution (RCE)
Introduction
# CVE-2020-13945 - Apache APISIX Remote Code Execution (RCE)

This repository contains a proof-of-concept (PoC) exploit for a vulnerability in Apache APISIX. The vulnerability arises when the Admin API is enabled and the access IP restriction rules are deleted, allowing the default token to access APISIX management data. This affects versions 1.2, 1.3, 1.4, and 1.5.

## Table of Contents

- [Overview](#overview)
- [Affected Versions](#affected-versions)
- [Setup](#setup)
- [Usage](#usage)
- [Mitigation](#mitigation)
- [Disclaimer](#disclaimer)

## Overview

Apache APISIX is a dynamic, real-time, high-performance API gateway. A critical security vulnerability exists in versions 1.2 to 1.5, where enabling the Admin API and deleting the Admin API access IP restriction rules permits unauthorized access using the default token.

## Affected Versions

- Apache APISIX 1.2
- Apache APISIX 1.3
- Apache APISIX 1.4
- Apache APISIX 1.5

## Setup

1. Clone the repository:
    ```bash
    git clone https://github.com/Pixelcraftch/CVE-2020-13945-EXPLOIT
    cd CVE-2020-13945-EXPLOIT
    ```

2. Install dependencies:
    ```bash
    pip install -r requirements.txt
    ```

## Usage

1. Ensure Apache APISIX is running and the Admin API is enabled.
2. Run the exploit script:
    ```bash
    python CVE-2020-13945.py -u <target>
    python CVE-2020-13945.py -f <target_file> -t 77
    ```
    Replace `<target>` with the URL of the target APISIX instance, or `<target_file>` with a file listing the targets.

## Mitigation

To mitigate this vulnerability:

1. **Do not delete the Admin API access IP restriction rules.** Ensure they are configured correctly to restrict access to trusted IPs only.
2. **Change the default token.** Use a strong, unique token for accessing the Admin API.

For detailed information on configuring security settings, refer to the [Apache APISIX documentation](https://apisix.apache.org/docs/apisix/getting-started).
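As an added, defender-side example (not code from this PoC repository), the following check audits the effective APISIX configuration for the two conditions the mitigation list addresses: an Admin API that is enabled with its IP allow-list removed or wide open, and an `admin_key` left at the value shipped in `config-default.yaml`. It assumes the merged configuration and the shipped default have already been loaded into Python dicts (for instance with PyYAML); the sample configs and key strings are constructed placeholders.

```python
import ipaddress


def is_catch_all(cidr):
    """True for allow-list entries that admit every address, e.g. 0.0.0.0/0 or ::/0."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False  # not a CIDR at all; reported separately if needed


def audit_admin_api(effective, shipped_default):
    """Return a list of findings for the effective config; an empty list means it passes."""
    apisix = effective.get("apisix", {})
    findings = []
    if not apisix.get("enable_admin", False):
        return findings  # Admin API disabled: the exposed surface does not exist
    allow = apisix.get("allow_admin") or []
    if not allow:
        findings.append("allow_admin empty: Admin API reachable from any source IP")
    elif any(is_catch_all(c) for c in allow):
        findings.append("allow_admin contains a catch-all CIDR")
    # Compare against the key(s) shipped in config-default.yaml, not a hardcoded value.
    default_keys = {k.get("key") for k in shipped_default["apisix"].get("admin_key", [])}
    for entry in apisix.get("admin_key") or []:
        if entry.get("key") in default_keys:
            findings.append(f"admin_key '{entry.get('name')}' is the shipped default")
    if not apisix.get("admin_key"):
        findings.append("admin_key missing: no credential protects the Admin API")
    return findings


# Constructed sample configs; the key strings are placeholders, not real tokens.
SHIPPED_DEFAULT = {"apisix": {"enable_admin": True, "allow_admin": ["127.0.0.0/24"],
                              "admin_key": [{"name": "admin", "key": "DEFAULT_KEY_PLACEHOLDER", "role": "admin"}]}}
# Operator deleted the allow-list and never rotated the key: the CVE-2020-13945 precondition.
WEAK_CONF = {"apisix": {"enable_admin": True, "allow_admin": [],
                        "admin_key": [{"name": "admin", "key": "DEFAULT_KEY_PLACEHOLDER", "role": "admin"}]}}
# Allow-list limited to an operations network and a freshly generated key.
HARDENED_CONF = {"apisix": {"enable_admin": True, "allow_admin": ["10.0.5.0/24"],
                            "admin_key": [{"name": "admin", "key": "ROTATED_KEY_PLACEHOLDER", "role": "admin"}]}}

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_admin_api(conf, SHIPPED_DEFAULT) or ["ok"])
```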

## Disclaimer

This PoC exploit is intended for educational purposes only. Use it at your own risk. Unauthorized use of this tool against systems without explicit permission is illegal and unethical. The author is not responsible for any damage caused by the use of this exploit.
File snapshot

```
[4.0K] /data/pocs/0e5f58062a002934d7b882e6a18006c7995ea3b1
├── [6.1K] CVE-2020-13945.py
├── [2.1K] README.md
└── [ 44] requirements.txt

0 directories, 3 files
```