CVE-2021-45232
Description
In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks, introducing the framework droplet on top of the framework gin. All APIs and the authentication middleware are developed on droplet, but some APIs use the gin interface directly, thus bypassing the authentication.
Severity: CRITICAL
CVE ID: CVE-2021-45232
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2021-45232
Reference: Project Discovery GitHub
Osyanina
A vulnerability scanner that detects CVE-2021-45232 vulnerabilities.
Reference: GitHub
badboycxcc
Reference: GitHub
LTiDi2000
Reference: GitHub
Ilovewomen
Reference: GitHub
jxpsx
CVE-2021-45232 RCE
Reference: GitHub
wuppp
Reference: GitHub
dskho
CVE-2021-45232 POC
Reference: GitHub
xiju2003
The vulnerability affects Apache APISIX Dashboard version 2.10.1
Reference: GitHub
GYLQ
CVE-2021-45232-RCE multi-threaded batch vulnerability detection
Reference: GitHub
fany0r
CVE-2021-45232-RCE
Reference: GitHub
yggcwhat
CVE-2021-45232 one-click batch detection
Reference: GitHub
yggcwhat
One-click batch detection PoC
Reference: GitHub
YutuSec
Apisix vulnerability series: batch probing for the unauthorized access vulnerability (CVE-2021-45232) and the default key (CVE-2020-13945).
Reference: GitHub
Content on GitHub
peiqiF4ck | watchers:157
WebFrameworkTools-5.1-main
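This software first integrates RCE (no login required, or RCE via login bypass) and deserialization (simple gadget chains) for high-impact frameworks and some mainstream CMSs. Simply importing URLs enables batch getshell. Batch automated testing. For example: Thinkphp, Struts2, weblogic. The latest vulnerabilities are tracked in real time and updated, for example: log4jRCE, Sunlogin, Zentao RCE, Ruiyou Tianyi application virtualization system SQL injection leading to RCE, Dahua smart park upload, Kingdee Cloud Xingkong vulnerabilities, and so on.
Reference: GitHub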