Apache APISIX batch-requests Plugin IP address Restriction Bypass

Strike ID: E22-ed4g1
CVSS: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
False Positive: f
Variants: 1
Year: 2022

Description

This strike exploits an authentication weakness vulnerability in Apache APISIX. The vulnerability is due to insufficient validation of client requests at the vulnerable API endpoint "/apisix/admin/batch-requests". A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the vulnerable server if the batch-requests plugin is enabled and the server is using the default administrator API key. Successful exploitation could lead to arbitrary code execution under the security context of the server process. *NOTE: When this strike runs in OneArm mode, it creates a new endpoint/route "/poc/testing"; visiting that route executes a command that creates a file named "poc" under the "/tmp" directory on the server.

CVE

References