关联漏洞
描述
exploit for f5-big-ip RCE cve-2023-46747
介绍
# Vulnerability Details
## fofa:
```
(title="BIG-IP®" || icon_hash="-335242539")
```
## shodan
```
title:"BIG-IP®"
```
## Affected versions
https://my.f5.com/manage/s/article/K000137353
# Vulnerability Recurrence
1. At this time, the user here is only `admin`:
2. Execute the script:
```
git clone https://github.com/W01fh4cker/CVE-2023-46747-RCE.git
cd CVE-2023-46747-RCE
pip install -r requirements.txt
python CVE-2023-46747-RCE.py -u https://192.168.161.190
# python CVE-2023-46747-RCE.py -u https://192.168.161.190 -p http://127.0.0.1:7890
```
Successfully executed command:
3. A new user was successfully created without authorization here:
# Shortcoming
Exploitation fails in some versions, reference: https://twitter.com/joel_land/status/1729147886615818732.
# Q & A
1. Q: Token acquisition failed?
A: It cannot be said that there must be no vulnerability in the test site, because creating a user without authorization is not 100% successful. Sometimes you do not create a user in the first step due to some reasons, so the token in the second step cannot be obtained. Therefore, my suggestion is to try a few more times. If it does not work, it may mean that there is indeed no vulnerability.
# Digression
You can use this script https://github.com/BishopFox/bigip-scanner to collect F5 BIG-IP version information. It's great!
# Reference
https://github.com/projectdiscovery/nuclei-templates/pull/8500
https://mp.weixin.qq.com/s/wUoBy7ZiqJL2CUOMC-8Wdg
https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747
文件快照
[4.0K] /data/pocs/5f0aa9f2fa2bed016cb85a7fbe5891a92c218b90
├── [ 16K] CVE-2023-46747-RCE.py
├── [1.9K] README.md
└── [ 17] requirements.txt
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。