Apache APISIX Dashboard — Unauthorized RCE (CVE-2021-45232)
Attackers can access certain interfaces without logging in to Apache APISIX Dashboard, thus making unauthorized changes or obtaining relevant configuration information such as Apache APISIX Route, Upstream, Service, etc., and cause problems such as SSRF, malicious traffic proxies built by attackers, and arbitrary code execution.
Shodan Dorks:
#apache #apisix #cve #poc
Attackers can access certain interfaces without logging in to Apache APISIX Dashboard, thus making unauthorized changes or obtaining relevant configuration information such as Apache APISIX Route, Upstream, Service, etc., and cause problems such as SSRF, malicious traffic proxies built by attackers, and arbitrary code execution.
Shodan Dorks:
title:"Apache APISIX Dashboard"PoC:
curl http://IP:9000/apisix/admin/migrate/exporthttps://apisix.apache.org/blog/2021/12/28/dashboard-cve-2021-45232/
#apache #apisix #cve #poc