Finding 0day in Apache APISIX During CTF (CVE-2022-24112)
In this video we perform a code audit of Api6 and discover a default configuration that can be escalated to remote code execution.
CVE-2022-24112:
GitLab:
Challenge files:
Chapters:
00:00 - Intro
01:09 - Initial Application Overview
02:15 - Discussing Approaches
03:56 - Reading Documentation
04:57 - Initial Attack Idea
06:15 - Identifying Attack Surface
08:46 - Discovering Batch Requests
09:18 - Bypassing X-Real-IP Header
10:15 - Testing the Exploit
11:11 - Reporting the Issue
12:16 - Outro
-=[ ❤️ Support ]=-
→ per Video:
→ per Month:
-=[ 🐕 Social ]=-
→ Twitter:
→ Instagram:
→ Blog:
→ Subreddit: https
9 months ago 00:47:11 1
1 year ago 00:32:36 1
1 year ago 01:21:33 1
1 year ago 00:56:54 1
1 year ago 01:28:39 3
1 year ago 00:20:48 1
1 year ago 11:54:59 1
2 years ago 00:03:29 1
2 years ago 00:04:38 1
![[EAST2WEST] BTS (방탄소년단) - Fake Love Dance Cover](https://sun9-18.userapi.com/mq3EqedjmmjrhjLmc0xupKGlMLbWxpYVa8Mp4Q/vuavvGPWcjs.jpg)
2 years ago 00:43:10 1
2 years ago 00:23:38 7
3 years ago 00:12:41 1
