关联漏洞
标题:Apache APISIX 安全漏洞 (CVE-2022-24112)Description:Apache Apisix是美国阿帕奇(Apache)基金会的一个云原生的微服务API网关服务。该软件基于 OpenResty 和 etcd 来实现,具备动态路由和插件热加载,适合微服务体系下的 API 管理。 Apache APISIX 中存在安全漏洞,该漏洞源于产品的batch-requests插件未对用户的批处理请求进行有效限制。攻击者可通过该漏洞绕过Admin Api的限制。 以下产品及版本受到影响:Apache APISIX 2.10.4 之前版本、Apache APISIX 2.12.1 之前
介绍
# Apache APISIX 2.12.x Remote Code Execution (RCE) Exploit
This Python script is a Proof-of-Concept (PoC) for a remote code execution (RCE) vulnerability in Apache APISIX versions 2.12.0 and 2.12.1.
The vulnerability lies in the misuse of the `filter_func` Lua field within the admin API, allowing an attacker to inject arbitrary Lua code that executes system commands via `io.popen`. The response from the command is returned in the HTTP response using `ngx.say()`.
> ⚠️ **DISCLAIMER**: This tool is intended for authorized testing and educational purposes only. Do not use it on systems you do not own or have explicit permission to test.
---
## 🧰 Requirements
- Python 3.6+
- `requests` library (`pip install requests`)
---
## 🚀 Usage
### 📁 File Name
`exploit.py`
### 🔧 Syntax
```bash
python3 exploit.py -d <target_domain_or_ip> -p <port> -c <command>
```
```bash
python3 exploit.py -d 127.0.0.1 -p 9080 -c id
python3 exploit.py --domain 192.168.1.100 --cmd "uname -a"
python3 exploit.py -d vulnerable.host.local -c "cat /etc/passwd"
```
文件快照
[4.0K] /data/pocs/7afa866951a9829e939cca987fca9e83de26f76f
├── [2.5K] exploit.py
└── [1.0K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。