CVE-2021-45232

Description

In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks: it introduces the droplet framework on top of the gin framework. All APIs and the authentication middleware are developed on droplet, but some APIs use the gin interface directly and thus bypass authentication.

NVD
Severity: CRITICAL
CVE ID: CVE-2021-45232
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference: NVD, MITRE

Proof Of Concept

Nuclei Templates for CVE-2021-45232
Osyanina

A vulnerability scanner that detects CVE-2021-45232 vulnerabilities.

Reference: GitHub

badboycxcc

Reference: GitHub

LTiDi2000

Reference: GitHub

Ilovewomen

Reference: GitHub

jxpsx

CVE-2021-45232 RCE

Reference: GitHub

wuppp

Reference: GitHub

dskho

CVE-2021-45232 POC

Reference: GitHub

xiju2003

The vulnerability affects Apache APISIX Dashboard version 2.10.1

Reference: GitHub

GYLQ

CVE-2021-45232-RCE: multithreaded batch vulnerability detection

Reference: GitHub

fany0r

CVE-2021-45232-RCE

Reference: GitHub

yggcwhat

CVE-2021-45232 one-click batch detection

Reference: GitHub

yggcwhat

One-click batch detection PoC

Reference: GitHub

YutuSec

Batch detection of Apisix-series vulnerabilities: unauthorized access (CVE-2021-45232) and default key (CVE-2020-13945).

Reference: GitHub

Content on GitHub

peiqiF4ck | watchers:157

WebFrameworkTools-5.1-main
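This software first integrates RCE (no login required, or RCE via login bypass) and deserialization (with simple gadget chains) for high-impact frameworks and some mainstream CMSs. Point-and-click URL import is all that is needed for batch getshell. Batch automated testing. For example: Thinkphp, Struts2, weblogic. Newly emerging vulnerabilities are tracked in real time and added, for example: log4jRCE, Sunlogin, Zentao RCE, Ruiyou Tianyi application virtualization system SQL injection leading to RCE, Dahua smart park upload, Kingdee Cloud Xingkong vulnerabilities, and so on.

Reference: GitHub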