CVE-2023-46747 PoC — BIG-IP Configuration utility unauthenticated remote code execution vulnerability

Associated Vulnerability
Title: BIG-IP Configuration utility unauthenticated remote code execution vulnerability (CVE-2023-46747)
Description: Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Description
An exploitation script developed to exploit CVE-2023-46747, a pre-auth remote code execution vulnerability in F5 BIG-IP products.
Readme
# CVE-2023-46747
An exploitation script developed to exploit CVE-2023-46747, a pre-auth remote code execution vulnerability in F5 BIG-IP products.
This script is intended to exploit the remote code execution on vulnerable F5 BIG-IP products.

## Installation:

```bash
git clone https://github.com/sanjai-AK47/CVE-2023-46747.git
cd CVE-2023-46747
pip install -r requirements.txt
python3 exploit.py
```
## Usage:

```bash
 python3 exploit.py -h                                            
usage: exploit.py [-h] [-d DOMAIN] [-dL DOMAINS_LIST] [-cmd COMMAND] [-o OUTPUT] [-to TIME_OUT] [-px PROXY] [-v]

[DESCTIPTION]: Exploitation and Detection tool for Cisco CVE-2023-46747

options:
  -h, --help            show this help message and exit
  -d DOMAIN, --domain DOMAIN
                        [INFO]: Target domain for exploiting without protocol eg:(www.domain.com)
  -dL DOMAINS_LIST, --domains-list DOMAINS_LIST
                        [INFO]: Targets domain for exploiting without protocol eg:(www.domain.com)
  -cmd COMMAND, --command COMMAND
                        [INFO]: Exploitation Shell command for Remote Code Execution
  -o OUTPUT, --output OUTPUT
                        [INFO]: File name to save output
  -to TIME_OUT, --time-out TIME_OUT
                        [INFO]: Switiching timeout will requests till for your timeout and also for BURPSUITE
  -px PROXY, --proxy PROXY
                        [INFO]: Switiching proxy will send request to your configured proxy (eg: BURPSUITE)
  -v, --verbose         [INFO]: Switiching Verbose will shows offline targets

```


## Warning:

The tool is developed to exploit the vulnerabilities for legal and ethical exploitation, and the developer (me) is not responsible for illegal
or unethical exploitation.

The tool is developed by [D.Sanjai Kumar](https://www.linkedin.com/in/d-sanjai-kumar-109a7227b/); for any updates and errors, ping me through the LinkedIn page I have mentioned.

Thank you!