Full title: Kong Gateway Admin API Remote Code Execution Exploit Category: remote exploits Platform: multiple This Metasploit module uses the Kong admin API to create a route and a serverless function plugin that is associated with the route. The plugin runs Lua code and is used to run a system command using os.execute(). After execution the route is deleted, which also deletes the plugin. # 0day.today @ http://0day.today/