CVE-2022-1388 PoC — F5 BIG-IP 访问控制错误漏洞

Source

https://github.com/LinJacck/CVE-2022-1388-EXP

Associated Vulnerability

Title:F5 BIG-IP 访问控制错误漏洞 (CVE-2022-1388)
Description:On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Description

CVE-2022-1388-EXP可批量实现攻击

Readme

# CVE-2022-1388-EXP
This is CVE-2022-1388-EXP
Author:Caps@BUGFOR<br>
Github:https://github.com/bytecaps<br>
Remaker:LinJacck<br>
Github:https://github.com/LinJacck<br>
# 功能展示
验证模式：python CVE_2022_1388.py -v -u target_url <br>
攻击模式：python CVE_2022_1388.py -a -u target_url -c command <br>
批量检测：python CVE_2022_1388.py -s -f file<br>
WebShell模式：python CVE_2022_1388.py -r -u target_url <br>
注：如果“验证模式”显示疑似漏洞但无法利用，说明系统已更改默认密码无法未授权攻击。<br>
# 新增功能点
1、更改了原代码中的错误，可以实现非授权攻击。 <br>
2、更改了扫描模式，现扫描速度更快更不易被发现。 <br>
3、实现了webshell功能。 <br>
4、修改了指令模式，更加便捷。 <br>

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!