Finding 0day in Apache APISIX During CTF (CVE-2022-24112)
In this video we perform a code audit of Api6 and discover a default configuration that can be escalated to remote code execution.
CVE-2022-24112: https://seclists.org/oss-sec/2022/q1/133
GitLab: https://liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018/
Challenge files: https://github.com/chaitin/Real-World-CTF-4th-Challenge-Attachments/tree/master/API6
Chapters:
00:00 - Intro
01:09 - Initial Application Overview
02:15 - Discussing Approaches
03:56 - Reading Documentation
04:57 - Initial Attack Idea
06:15 - Identifying Attack Surface
08:46 - Discovering Batch Requests
09:18 - Bypassing X-Real-IP Header
10:15 - Testing the Exploit
11:11 - Reporting the Issue
12:16 - Outro
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Instagram: https://instagram.com/LiveOverflow/
→ Blog: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/