albinowax/ActiveScanPlusPlus

irules injection

dorkerdevil opened this issue · 0 comments

BIG-IP supports iRules - a subset of rules written in TCL. An attacker can inject iRule code into a request and force a BIG-IP to execute remote code, sniff connections or scan internal networks. An attacker that successfully exploits iRule injections can gain a foothold in the device memory, break out of the TCL interpreter and cause severe damage without leaving a trace in logging facilities.

https://www.youtube.com/watch?time_continue=1876&v=2f15ZOIU7ks

https://github.com/dnkolegov/bigipsecurity