CVE-2022-1388 PoC — F5 BIG-IP 访问控制错误漏洞

Source

https://github.com/iveresk/cve-2022-1388-1veresk

Associated Vulnerability

Title:F5 BIG-IP 访问控制错误漏洞 (CVE-2022-1388)
Description:F5 BIG-IP是美国F5公司的一款集成了网络流量管理、应用程序安全管理、负载均衡等功能的应用交付平台。 F5 BIG-IP 存在访问控制错误漏洞，攻击者可以通过未公开的请求利用该漏洞绕过BIG-IP中的iControl REST身份验证来控制受影响的系统。

Description

Simple shell script for the exploit

Readme

# CVE-2022-1388 by 1vere$k
CVE-2022-1388 the proof-of-concept.  
Two regimes of work with: 
 - simple target URL, default PORT will be set as 80 if it wasn't mentioned;
 - file with list of targets `<IP>:<PORT> \n\r`;

# Usage
```
	echo "+-------------------For-The-Help-------------------------------------+";
	echo "Example#1: ./cve-2022-1388.sh -h ------------------------------------+";
	echo "Example#2: ./cve-2022-1388.sh --help --------------------------------+";
	echo "+-------------------For-The-URL-Check -------------------------------+";
	echo "Example#1: ./cve-2022-1388.sh -u <IP> <PORT> [Default port will be 80]";
	echo "+-------------------For-The-File-Check-------------------------------+";
	echo "Example#1: ./cve-2022-1388.sh -f <FILENAME>--------------------------+";
	echo "+--------------------------------------------------------------------+";
```

# Shodan Query
`http.title:"BIG-IP&reg;-+Redirect" +"Server"`

## Contact
You are free to contact me via [Keybase](https://keybase.io/1veresk) for any details.

File Snapshot


 [4.0K]  /data/pocs/8ab1b18d505cbe5f4d8cbef33c918a82b50f9c7f
├── [1.6K]  cve-2022-1388.sh
├── [  36]  input as example.txt
├── [1.0K]  LICENSE
├── [1.0K]  README.md
└── [  58]  shodan-query.txt

0 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!