CVE-2021-22986 PoC — F5 BIG-IP Code Issue Vulnerability

Source
Associated Vulnerability
Title: F5 BIG-IP Code Issue Vulnerability (CVE-2021-22986)
Description: On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 and BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
Description
CVE-2021-22986 F5 RCE vulnerability bulk-detection PoC
Readme
# Usage

```
python3 f5_rce.py 

-u specify the target URL
-f file of targets for batch detection
-c command to execute
-s/--ssrf obtain a token via SSRF and execute commands
```

The output looks like this:

![](./1.png)

```
python3 f5_rce.py -u 127.0.0.1 --ssrf
```
After running commands, type `exit` to quit.

![](./ssrf.png)

PS: The output isn't very pretty; I'll fix that 😁

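# Follow-up

Updates:
+ Fixed some command-execution error cases
+ Added command execution with a token obtained via SSRF

~~1. Regex matching, prettier output~~

~~2. Add other PoC exploitation methods~~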

# References

+ [PoC link](https://twitter.com/wugeej/status/1372392693989445635)
+ [How a script kiddie reproduced the vulnerability (CVE-2021-22986) and exploited it in bulk](https://mp.weixin.qq.com/s/cavKq04hNU5pJoTBiPMZkw)
+ [CVE-2021-22986](https://github.com/Al1ex/CVE-2021-22986)


File Snapshot

[4.0K] /data/pocs/3f7c1a797bec1b49432774e1717ca54a55dd213c
├── [ 29K] 1.png
├── [4.7K] f5_rce.py
├── [ 798] README.md
└── [ 36K] ssrf.png

0 directories, 4 files