/CVE-2020-5902-Vuln-Checker

Simple vulnerability checker written by me, "@TheCyberViking", and a fellow researcher who wanted to be left nameless... you know who you are, you beautiful bitch.

Primary language: Python. License: MIT.

CVE-2020-5902 Vulnerability Checker


While looking at the vulnerability with fellow researchers, we realised that most of the current ways of testing for it can themselves be classed as a form of compromise of the system. We wanted to develop a way to test for the vulnerability that does not compromise the system being scanned.

For this we wrote this small Python tool. It does a GET request to the login page of the system; a response shows that the system is available and viewable and could be open to compromise by an attacker, and the check in turn does not compromise any system information or client data.
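A sketch of that kind of non-intrusive check, added here as an example and not the repository's own code. The login path `/tmui/login.jsp`, the marker strings and the function names `classify` and `check_tmui` are assumptions made for illustration.

```python
import ssl
import urllib.error
import urllib.request

LOGIN_PATH = "/tmui/login.jsp"   # assumption: standard TMUI login page path
MARKERS = ("big-ip", "tmui")     # assumption: heuristic strings, not an official fingerprint


def classify(status, body):
    """Map a login-page response to a verdict; no other endpoint is touched."""
    text = body.lower()
    if status == 200 and any(marker in text for marker in MARKERS):
        return "exposed"         # management UI is reachable from the scanning position
    if status in (401, 403):
        return "restricted"      # something answers, but access is filtered
    return "not-detected"


def check_tmui(base_url, timeout=5.0):
    """Send a single GET to the login page and return (verdict, http_status)."""
    # Management interfaces often present self-signed certificates. This is a
    # reachability check only, so certificate verification is skipped.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(
        base_url.rstrip("/") + LOGIN_PATH,
        method="GET",
        headers={"User-Agent": "tmui-exposure-check"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            status = resp.status
            body = resp.read(65536).decode("utf-8", "replace")  # cap the read size
    except urllib.error.HTTPError as err:
        status, body = err.code, ""          # server answered with an error status
    except (urllib.error.URLError, OSError):
        return ("unreachable", None)         # refused, timed out or DNS failure
    return (classify(status, body), status)


if __name__ == "__main__":
    # Constructed placeholder address (TEST-NET-1); replace with a host you operate.
    print(check_tmui("https://192.0.2.10"))
```

An "exposed" verdict only says the management login page answers from where the scan ran; patch status still has to be confirmed against the versions in the F5 advisory.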

What is F5 BIG-IP

The F5 BIG-IP DNS uses topology-based load balancing to inspect a user's IP and determine the most efficient data center. The term load balancing can also refer to file servers, when file protocol requests are distributed across file servers to overcome the capacity, bandwidth, or CPU limitations of any single system.

That one singular quote should give you an idea VERY quickly of why this is a critical vulnerability, especially when mixed with the simplicity of the attack seen below.

CVE-2020-5902

This is a critical CVSS 10.0 vulnerability discovered in F5 BIG-IP systems, in versions 5.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1. To exploit it, the attacker needs to send a specifically crafted HTTP request to the server hosting the Traffic Management User Interface (TMUI) utility for BIG-IP configuration.

More information on the vulnerability can be found from F5 support here: https://support.f5.com/csp/article/K52145254

Exploitation

Exploitation is straightforward, simplistic and, at present, very public. It uses a simple GET request or a curl command that can be run by any skid with an up-to-date Windows command prompt:

Acknowledgement

This tool was written by me, CyberViking, and a fellow researcher who wanted to remain nameless; you know who you are, you beautiful bitch.

If you have any suggestions, hit me up @TheCyberViking