Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-1388 PoC — F5 BIG-IP 访问控制错误漏洞

Source
https://github.com/r0otk3r/CVE-2022-1388
Associated Vulnerability
Title:F5 BIG-IP 访问控制错误漏洞 (CVE-2022-1388)
Description:On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Readme
# CVE-2022-1388 - F5 BIG-IP iControl REST Authentication Bypass RCE

This Python script exploits CVE-2022-1388, a critical vulnerability in F5 BIG-IP iControl REST that allows **unauthenticated remote command execution** via improper access control and HTTP header handling.

> ⚠️ **For educational and authorized security research only. Do not use against systems you do not own or have explicit permission to test.**

## Vulnerability Summary

- **CVE ID:** [CVE-2022-1388](https://nvd.nist.gov/vuln/detail/CVE-2022-1388)
- **Vendor:** F5 Networks
- **Affected Product:** BIG-IP (various versions)
- **Impact:** Remote attackers can bypass authentication and execute arbitrary system commands via crafted HTTP requests.

---

##  Features

- Remote command execution via REST API
- Optional interactive shell (`--shell`)
- Custom HTTP basic authentication support
- SSL verification disabled (for self-signed certs)

---

##  Usage

```bash
python3 cve_2022_1388_exploit.py -u <target_url> -c "<command>"
```
## Examples
#### Run a Single Command
```bash
python3 cve_2022_1388_exploit.py -u https://192.168.1.1 -c "id"
```
<img width="1351" height="148" alt="id" src="https://github.com/user-attachments/assets/6a6fe86f-c5d5-42a4-b7c1-8d7030dc14a9" />

---
#### Run with Custom Credentials
```bash 
python3 cve_2022_1388_exploit.py -u https://192.168.1.1 -a "root:password" -c "whoami"
```
<img width="1352" height="146" alt="whoa" src="https://github.com/user-attachments/assets/b5b7f9d6-43d8-48fc-bd07-39e3bc6d378b" />


----

### Start Interactive Shell
```bash
python3 cve_2022_1388_exploit.py -u https://192.168.1.1 --shell
```
<img width="1352" height="417" alt="shell" src="https://github.com/user-attachments/assets/319618d9-7d5c-47fe-b30b-21bf0483a80e" />

---

### How It Works

-    The script bypasses auth by setting a forged X-F5-Auth-Token and Authorization headers.

-    Sends a POST request to:
    /mgmt/tm/util/bash

-    Payload triggers execution of the specified shell command.

## Mitigation

-    Upgrade to patched F5 BIG-IP versions as recommended by F5 Security Advisory.

-    Restrict access to iControl REST interface.

## License

This exploit script is provided for educational purposes only. Usage is entirely at your own risk.

## Official Channels

- [YouTube @rootctf](https://www.youtube.com/@rootctf)
- [X @r0otk3r](https://x.com/r0otk3r)
File Snapshot

 [4.0K]  /data/pocs/154be6ca0153b301cacdb338cc11fc0e105b0b90
├── [2.7K]  cve_2022_1388_exploit.py
└── [2.3K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →