Gesamte Überschrift: Kong Gateway Admin API Remote Code Execution Exploit 
Kategorie: remote exploits
Betriebssystem: multiple
This Metasploit module uses the Kong admin API to create a route and a serverless function plugin that is associated with the route. The plugin runs Lua code and is used to run a system command using os.execute(). After execution the route is deleted, which also deletes the plugin.

# 0day.today @ http://0day.today/