CVE-2020-5902 PoC — F5 BIG-IP 路径遍历漏洞

Source

Associated Vulnerability

Description

Automated F5 Big IP Remote Code Execution (CVE-2020-5902) Scanner Written In Python 3

Readme

# CVE-2020-5902-Scanner
Automated F5 Big IP Remote Code Execution (CVE-2020-5902) Scanner Written In Python 3

## Vulnerability Description
F5 released a Critical Remote Code Execution vulnerability (CVE-2020-5902) on 30th June 2020 that affects several versions of Big IP.
Attacker can easily exploit RCE & LFI present in TMUI (Traffic Management User Interface) in undisclosed pages.

In short, it is a varient of Remote Code Execution & Local File Inclusion Vulnerability which has a CVSS Score 10.

## Installation
```
# For Windows
$python -m pip install requests

# OR

# For Linux
$ sudo apt-get install python3-pip
$ sudo pip3 install requests   
```

## Usage

Ideal Target For This Script: `google.com`

Don't Give These Type of target: `https://google.com` or `http://google.com`

```
# For Windows
$ python CVE-2020-5902.py 

# For Linux
$ python3 CVE-2020-5902.py 
```

## Use cases
```
# Enumeration Subdomain Using Sublist3r
$ python sublist3r.py -d google.com -o google.com.txt

# Giving This Subdomain List to CVE-2020-5902.py
$ python CVE-2020-5902.py
````

File Snapshot

 [4.0K]  /data/pocs/5562c0ab67c2a2669a689d4c67732fbe1b4b0cbd
├── [1.5K]  CVE-2020-5902.py
└── [1.1K]  README.md

0 directories, 2 files

Remarks