Finding 0day in Apache APISIX During CTF (CVE-2022-24112)

Channel:

Subscribers:

920,000

Published on March 7, 2022 4:09:43 PM ● Video Link: https://www.youtube.com/watch?v=yrCXamnX9No

Duration: 12:41

83,064 views

4,347

In this video we perform a code audit of Api6 and discover a default configuration that can be escalated to remote code execution.

CVE-2022-24112: https://seclists.org/oss-sec/2022/q1/133
GitLab: https://liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018/
Challenge files: https://github.com/chaitin/Real-World-CTF-4th-Challenge-Attachments/tree/master/API6

Chapters:
00:00 - Intro
01:09 - Initial Application Overview
02:15 - Discussing Approaches
03:56 - Reading Documentation
04:57 - Initial Attack Idea
06:15 - Identifying Attack Surface
08:46 - Discovering Batch Requests
09:18 - Bypassing X-Real-IP Header
10:15 - Testing the Exploit
11:11 - Reporting the Issue
12:16 - Outro

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Instagram: https://instagram.com/LiveOverflow/
→ Blog: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

Other Videos By LiveOverflow

2022-05-19	Scanning The Internet for Minecraft Servers
2022-05-08	Crafting a Minecraft 0day...
2022-05-01	Flying Without Elytra
2022-04-20	Modding is Hacking...
2022-04-16	Awkward VLOG at Nullcon Berlin 2022
2022-04-10	Minecraft, But It's Reverse Engineered...
2022-04-03	Breaching Security of Palais des Congrès (in Minecraft) #shorts
2022-04-01	I Spent 100 Days Hacking Minecraft
2022-03-24	I've been Hacking for 10 Years! (Stripe CTF Speedrun)
2022-03-16	Missing HTTP Security Headers - Bug Bounty Tips
2022-03-07	Finding 0day in Apache APISIX During CTF (CVE-2022-24112)
2022-02-24	Exploiting Java Tomcat With a Crazy JSP Web Shell - Real World CTF 2022
2022-02-12	Sudo Exploit for (old) Ubuntu 20.04 LTS
2022-02-01	Fuzzing Java to Find Log4j Vulnerability - CVE-2021-45046
2022-01-18	Debugging The Failing sudoedit Exploit \| Ep.16
2022-01-11	Creating The First (Failed) Sudoedit Exploit \| Ep. 15
2022-01-03	Learning about nss (Linux Name Service Switch) During Sudo Exploitation \| Ep. 14
2021-12-24	Log4j Lookups in Depth // Log4Shell CVE-2021-44228 - Part 2
2021-12-17	Log4j Vulnerability (Log4Shell) Explained // CVE-2021-44228
2021-12-14	Can We Find a New Exploit Strategy? \| Ep. 13
2021-12-02	Authorization vs. Authentication (Google Bug Bounty)

Tags:

Live Overflow

liveoverflow

hacking tutorial

how to hack

exploit tutorial

0day

0-day

zero day

zeroday

ctf

capture the flag

real world

pentest

realistic ctf

real world ctf

realworld ctf

web hacking

microservices

api key

admin api

ssrf

server side request forgery

x-real-ip

http header

bug

vulnerability

security research