CVE-2021-45232

This PoC exploits CVE-2021-45232, an RCE vulnerability in Apache APISIX Dashboard. It leverages the migrate/import endpoint to inject a malicious route configuration that executes arbitrary commands via Lua script.

This repository contains a Go-based exploit for CVE-2021-45232, an unauthenticated API access vulnerability in Apache APISIX. The PoC checks for unauthenticated access to the admin API and demonstrates command execution via route manipulation.

This PoC exploits CVE-2021-45232, an unauthorized access vulnerability in Apache APISIX Dashboard, to achieve remote code execution (RCE) by importing a malicious route configuration that executes arbitrary commands via Lua script injection.

This repository provides a description and proof-of-concept for CVE-2021-45232, an authentication bypass vulnerability in Apache APISIX Dashboard. The vulnerability allows unauthorized access to the `/apisix/admin/migrate/export` endpoint due to inconsistent framework usage (gin vs. droplet).

This repository provides a writeup and basic PoC for CVE-2021-45232, an unauthorized access vulnerability in Apache APISIX Dashboard. It includes FOFA queries, affected versions, and mitigation steps but lacks functional exploit code.

This repository contains a Python script to scan for CVE-2021-45232, an unauthorized access vulnerability in Apache APISIX Dashboard, and also checks for default credentials. It performs HTTP requests to specific endpoints to detect the vulnerability and logs results.

This repository contains a README with images and links related to CVE-2021-45232 but lacks actual exploit code or technical details. It appears to be a placeholder or informational writeup.

This repository provides a proof-of-concept for CVE-2021-45232, an unauthenticated RCE vulnerability in Apache APISIX Dashboard versions prior to 2.10.1. The exploit leverages an unauthenticated API endpoint to achieve remote code execution.

This repository provides a scanner for CVE-2021-45232, an authentication bypass vulnerability in Apache APISIX Dashboard versions prior to 2.10.1. The vulnerability arises from inconsistent framework usage, allowing unauthorized access to certain APIs.