This repository contains a proof-of-concept (PoC) exploit for a vulnerability in Apache APISIX. The vulnerability arises when the Admin API is enabled and the access IP restriction rules are deleted, allowing the default token to access APISIX management data. This affects versions 1.2, 1.3, 1.4, and 1.5.
Apache APISIX is a dynamic, real-time, high-performance API gateway. A critical security vulnerability exists in versions 1.2 to 1.5, where enabling the Admin API and deleting the Admin API access IP restriction rules permits unauthorized access using the default token.
- Apache APISIX 1.2
- Apache APISIX 1.3
- Apache APISIX 1.4
- Apache APISIX 1.5
-
Clone the repository:
git clone https://github.com/Pixelcraftch/CVE-2020-13945-EXPLOIT cd CVE-2020-13945
-
Install dependencies:
pip install -r requirements.txt
- Ensure Apache APISIX is running and the Admin API is enabled.
- Run the exploit script:
Replace
python CVE-2020-13945.py -u <target> python CVE-2020-13945.py -f <target_file> -t 77
<target(s)>
with the url of the target APISIX instance to exploit.
To mitigate this vulnerability:
- Do not delete the Admin API access IP restriction rules. Ensure they are configured correctly to restrict access to trusted IPs only.
- Change the default token. Use a strong, unique token for accessing the Admin API.
For detailed information on configuring security settings, refer to the Apache APISIX documentation.
This PoC exploit is intended for educational purposes only. Use it at your own risk. Unauthorized use of this tool against systems without explicit permission is illegal and unethical. The author is not responsible for any damage caused by the use of this exploit.