Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-13945 PoC — Apache Apisix 安全漏洞

Source
https://github.com/Threekiii/Awesome-POC/blob/master/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/Apache%20APISIX%20%E9%BB%98%E8%AE%A4%E5%AF%86%E9%92%A5%E6%BC%8F%E6%B4%9E%20CVE-2020-13945.md
Associated Vulnerability
Title:Apache Apisix 安全漏洞 (CVE-2020-13945)
Description:Apache Apisix是Apache基金会的一个云原生的微服务API网关服务。该软件基于 OpenResty 和 etcd 来实现,具备动态路由和插件热加载,适合微服务体系下的 API 管理。 Apache APISIX 存在安全漏洞,该漏洞源于用户启用了管理API并删除了管理API访问IP限制规则。最终,默认令牌被允许访问APISIX管理数据。以下产品及版本受到影响:1.2版本,1.3版本,1.4版本,1.5版本。
File Snapshot

 # Apache APISIX 默认密钥漏洞 CVE-2020-13945

## 漏洞描述

Apache APISIX是一个高性能API网关。在用户未指定管理员Token或使用了默认配置文件的情况

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.