CVE-2022-1388 PoC — F5 BIG-IP 访问控制错误漏洞

Source

https://github.com/battleofthebots/refresh

Associated Vulnerability

Title:F5 BIG-IP 访问控制错误漏洞 (CVE-2022-1388)
Description:F5 BIG-IP是美国F5公司的一款集成了网络流量管理、应用程序安全管理、负载均衡等功能的应用交付平台。 F5 BIG-IP 存在访问控制错误漏洞，攻击者可以通过未公开的请求利用该漏洞绕过BIG-IP中的iControl REST身份验证来控制受影响的系统。

Description

CVE-2022-1388 - F5 Router RCE Replica

Readme

# Refresh
This container emulates the vulnerable functionality of CVE-2022-1388 in an F5 Router allowing RCE.
CVE-202201388 stems from a complicated relationship between different authentication mechanisms and broxying that stripped Headers allowing improper access to admin endpoints in the webapp.
Competitors must use their bot to send a web request exploiting this flaw.

## Building
```sh
docker build -t refresh .
```

## Running
```sh
docker run -p 80:80 refresh
```

## Exploiting
```sh
python3 exploit.py -u http://localhost -t
```

## References
- https://www.randori.com/blog/vulnerability-analysis-cve-2022-1388/

File Snapshot


 [4.0K]  /data/pocs/dfa759537d1c4e0c5051e834400dbd5c111cf15c
├── [ 464]  Dockerfile
├── [3.8K]  exploit.py
├── [  50]  pycompile.py
├── [ 625]  README.md
├── [2.8K]  refresh.pcapng
├── [   6]  requirements.txt
└── [1.5K]  router.py

0 directories, 7 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!