CVE-2022-1388 PoC — F5 BIG-IP 访问控制错误漏洞

Source

https://github.com/omnigodz/CVE-2022-1388

Associated Vulnerability

Title:F5 BIG-IP 访问控制错误漏洞 (CVE-2022-1388)
Description:On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Description

This repository consists of the python exploit for CVE-2022-1388 (F5's BIG-IP Authentication Bypass to RCE)

Readme

# CVE-2022-1388
This repository conssists of the python exploit code for CVE-2022-1388( F5's BIG-IP RCE) 

usage: exploit.py [-h] -t TARGET -p PORT -c CMD [--ssl]

options:\
  -h, --help            show this help message and exit\
  -t TARGET, --target TARGET
                        Specify the IP Address/Domain Name of the vulnerable server\
  -p PORT, --port PORT  Specify port number of the vulnerable server\
  -c CMD, --cmd CMD     Specify the command that you want to execute\
  --ssl                 Specify this optional argument if the server uses ssl
  
  Example -
  For a webserber that uses HTTPS and runs on port 8443 at 192.168.0.13\
  ./exploit.py -t 192.168.0.13 -p 8443 -c 'id' --ssl
  
  For a webserver that uses HTTP and runs on port 1346 at 192.168.0.13\
  ./exploit.py -t 192.168.0.13 -p 1346 -c 'id'

File Snapshot


 [4.0K]  /data/pocs/748c7f50aba52f177e175a31efdecefdcbf5748f
├── [1.8K]  exploit.py
└── [ 826]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!