# Vulnerability Details  
## fofa:
(title="BIG-IP®" || icon_hash="-335242539")
## shodan  

## Affected versions
# Vulnerability Recurrence
1. At this time, the user here is only `admin`:

2. Execute the script:
git clone
cd CVE-2023-46747-RCE
pip install -r requirements.txt
python -u
# python -u -p
Successfully executed command:  

3. A new user was successfully created without authorization here:

# Shortcoming  
Exploitation fails in some versions, reference:  

# Q & A  
1. Q: Token acquisition failed?  
   A: It cannot be said that there must be no vulnerability in the test site, because creating a user without authorization is not 100% successful. Sometimes you do not create a user in the first step due to some reasons, so the token in the second step cannot be obtained. Therefore, my suggestion is to try a few more times. If it does not work, it may mean that there is indeed no vulnerability.  
# Digression
You can use this script to collect F5 BIG-IP version information. It's great!  
# Reference