APISIX

It's possible to access the APISIX's Admin API by using the default access token. Therefore, an attacker can interact with the server as an administrator which can lead to a takeover of the server.

Default path:

/apisix

Default API Key

edd1c9f034335f136f87ad84b625c8f1

"Apache APISIX has a default, built-in API token edd1c9f034335f136f87ad84b625c8f1 that can be used to access all endpoints of the admin API, which leads to remote LUA code execution through the script parameter added in the 2.x version. This module also leverages another vulnerability to bypass the IP restriction plugin."

Links

• Acunetix
• SecLists
• OpenWall
• METASPLOIT AVAILABLE AT INFOSEC!