Kong Gateway Admin API Remote Code Execution
Posted by deepcore on November 26, 2020 – 10:25 pm
This Metasploit module uses the Kong admin API to create a route and a serverless function plugin that is associated with the route. The plugin runs Lua code and is used to run a system command using os.execute(). After execution the route is deleted, which also deletes the plugin.
Post a reply
You must be logged in to post a comment.