Exploit for Missing Authentication for Critical Function in F5 Big-Ip Access Policy Manager CVE-2022-1388

Name: Exploit for Missing Authentication for Critical Function in F5 Big-Ip Access Policy Manager CVE-2022-1388
Rating: 5 (142 reviews)

2022-05-10 | CVSS 7.5

## https://sploitus.com/exploit?id=9973FA3C-C964-5036-934F-A49BFE7BC4EE
# CVE-2022-1388 by 1vere$k
CVE-2022-1388 the proof-of-concept.  
Two regimes of work with: 
 - simple target URL, default PORT will be set as 80 if it wasn't mentioned;
 - file with list of targets `<IP>:<PORT> \n\r`;

# Usage
```
	echo "+-------------------For-The-Help-------------------------------------+";
	echo "Example#1: ./cve-2022-1388.sh -h ------------------------------------+";
	echo "Example#2: ./cve-2022-1388.sh --help --------------------------------+";
	echo "+-------------------For-The-URL-Check -------------------------------+";
	echo "Example#1: ./cve-2022-1388.sh -u <IP> <PORT> [Default port will be 80]";
	echo "+-------------------For-The-File-Check-------------------------------+";
	echo "Example#1: ./cve-2022-1388.sh -f <FILENAME>--------------------------+";
	echo "+--------------------------------------------------------------------+";
```

# Shodan Query
`http.title:"BIG-IP&reg;-+Redirect" +"Server"`

## Contact
You are free to contact me via [Keybase](https://keybase.io/1veresk) for any details.