f5-bigip-rce-cve-2020-5902 icon indicating copy to clipboard operation
f5-bigip-rce-cve-2020-5902 copied to clipboard

Published 20 hours ago verified publisher icon theLSA

false positive on poc-1 part

Open sangamcs opened this issue 4 years ago • 1 comments 

        f5BypassAuthCheckRsp1 = requests.get(tgtUrl1, headers=headers, timeout=timeout, verify=False)

        if f5BypassAuthCheckRsp1.status_code == 200:
            print '[POC1]' + tgtIP + ' is vulnerable-2!!!'
            return True

because many of BigIP server having webpages.

sangamcs avatar Sep 25 '21 16:09 sangamcs

Thanks your feedback! poc1 = '/tmui/login.jsp/..;/tmui/system/user/authproperties.jsp' if you can access the authproperties.jsp page, that means could be vulnerable(possible, not 100%). So you can try it manually, or improve the code(such as improve this [if] statement) so that make it nearly 100% accurate.

theLSA avatar Sep 26 '21 10:09 theLSA