CVE-2020-5902

This exploit leverages a path traversal vulnerability in F5 Big-IP's TMUI interface to read arbitrary files, including sensitive system files like /etc/passwd and configuration files. It sends crafted HTTP requests to bypass authentication and access restricted resources.

This exploit leverages CVE-2020-5902, a deserialization vulnerability in F5 BIG-IP, to achieve remote code execution. It uses ysoserial to generate a malicious payload and delivers it via a crafted Java class, resulting in a reverse shell.

This exploit leverages a path traversal vulnerability in F5 BIG-IP's TMUI interface to achieve remote command execution (RCE) and arbitrary file read. The PoC uses curl commands to bypass authentication and execute commands or read files.

This repository contains a functional Python exploit for CVE-2020-5902, targeting F5 BIG-IP TMUI for unauthenticated remote code execution via directory traversal and command injection. The exploit chains multiple JSP endpoints to execute arbitrary commands.

The repository provides functional exploit URLs for CVE-2020-5902, a directory traversal and RCE vulnerability in BIG-IP's TMUI. The PoC demonstrates arbitrary file read and command execution via crafted paths in the URL.

This repository contains a functional exploit for CVE-2020-5902, targeting F5 BIG-IP TMUI. The exploit leverages an authentication bypass via URL parsing discrepancies in Tomcat to achieve remote code execution, file read/write, and directory listing.

This repository contains a Python script that scans for CVE-2020-5902 by querying Shodan for potential F5 BIG-IP targets and attempting to exploit the vulnerability to verify its presence. It does not provide a full exploit but confirms vulnerability by checking for root-level command execution.

The repository contains a functional Python exploit for CVE-2020-5902, targeting F5 BIG-IP's TMUI directory traversal and RCE vulnerability. It includes both manual file read examples and an automated script for brute-forcing or reading specific files via crafted HTTP requests.

This repository contains a functional Python exploit for CVE-2020-5902, targeting F5 Big-IP devices. The exploit demonstrates both local file read (LFR) and remote code execution (RCE) capabilities via path traversal in the TMUI interface.

This repository contains a Python script designed to detect Indicators of Compromise (IoCs) related to CVE-2020-5902 on F5 BIG-IP systems. It checks for signs of exploitation such as malicious users, suspicious files, and audit logs, but does not include functional exploit code.

This repository contains a functional Python script that exploits CVE-2020-5902, a directory traversal vulnerability in F5 BIG-IP devices, allowing arbitrary file read and potential RCE. The script constructs a malicious URL to bypass authentication and read files via the vulnerable endpoint.

The repository contains a Python script that scans for CVE-2020-5902 by attempting to read /etc/passwd via a path traversal vulnerability in F5 BIG-IP's TMUI. It does not execute arbitrary code but confirms vulnerability by checking for the presence of 'root:x:0:0:root' in the response.

This repository contains a functional Python script that exploits CVE-2020-5902, a directory traversal vulnerability in F5 BIG-IP's TMUI interface. The script supports checking for vulnerability, reading arbitrary files, and executing commands via crafted HTTP requests.

This repository contains a Go-based PoC for multiple F5 BIG-IP vulnerabilities, including CVE-2022-1388, which allows authentication bypass and remote command execution. The code sends crafted HTTP requests to exploit the vulnerabilities and checks for successful execution.

This repository contains functional exploit code for CVE-2020-5902, a remote code execution vulnerability in F5 BIG-IP TMUI. The exploit leverages unauthenticated access to the TMUI interface to execute arbitrary commands via crafted HTTP requests.

This repository contains a functional exploit for CVE-2020-5902, a remote code execution vulnerability in F5 BIG-IP. The exploit leverages path traversal and command injection to execute arbitrary commands on vulnerable systems.

The repository contains minimal content with a Shodan query and an image but lacks any functional exploit code or technical details about CVE-2020-5902. It appears to be a placeholder or lure rather than a legitimate PoC.

The repository claims to be a GUI tool for exploiting CVE-2020-5902 but contains no actual exploit code. Instead, it provides screenshots and a Baidu cloud download link, which is a common tactic for luring users into downloading potentially malicious files.

This repository contains a functional Python exploit for CVE-2020-5902, a remote code execution vulnerability in F5 BIG-IP. The exploit leverages path traversal and command alias manipulation to execute arbitrary commands on the target system.

This repository contains a Python script that scans for CVE-2020-5902, a remote code execution vulnerability in F5 BIG-IP TMUI. The script checks if a target system is vulnerable by attempting to read /etc/passwd via a path traversal attack.

This repository contains a bash script that scans for CVE-2020-5902 by checking if the target BIG-IP TMUI interface is vulnerable to an unauthenticated file read vulnerability. It does not exploit the vulnerability but detects it by attempting to read /etc/passwd.

This repository contains a Python script that scans for CVE-2020-5902, a vulnerability in F5 BIG-IP TMUI allowing arbitrary file read and command execution. The script checks multiple endpoints to detect vulnerable systems but does not include exploit code for actual command execution.

This repository provides a Zeek detection package for identifying exploit attempts and successful exploits of CVE-2020-5902, a critical vulnerability in F5 BIG-IP devices. It includes scripts to monitor HTTP traffic for specific patterns associated with the exploit.

This repository contains a functional Python script that exploits CVE-2020-5902, a directory traversal vulnerability in F5 Big-IP's TMUI interface, to read arbitrary files (e.g., /etc/passwd). The script is designed for mass exploitation using asynchronous HTTP requests.

This repository contains a Python script that scans for CVE-2020-5902, a vulnerability in F5 BIG-IP devices. The script checks for the presence of the vulnerability by sending a crafted HTTP request and verifying the response, but it does not include exploit code for achieving remote code execution.

The repository lists multiple CVEs and tools but contains no actual exploit code or technical details. It appears to be a collection of references without functional PoCs, likely serving as a lure for further engagement.

This repository contains a functional Python exploit for CVE-2020-5902, a directory traversal vulnerability in F5 BIG-IP's TMUI interface. The exploit allows unauthenticated attackers to read arbitrary files from the system, including sensitive files like /etc/passwd and /etc/hosts.

The repository contains a Ruby script that scans for CVE-2020-5902 by attempting to read /etc/passwd via a path traversal vulnerability in F5 BIG-IP's TMUI interface. It checks for specific strings in the response to determine vulnerability but does not include exploit code for RCE.

This repository contains a bash script that uses Shodan CLI to identify F5 BIG-IP systems potentially vulnerable to CVE-2020-5902 by checking for a specific file read vulnerability. It does not exploit the vulnerability but scans for it.

The repository provides functional exploit URLs for CVE-2020-5902, demonstrating unauthenticated RCE in F5 BIG-IP TMUI via directory traversal and command injection. The URLs target specific endpoints to execute commands, read files, and list directories.

This repository contains a functional Python script that exploits CVE-2020-5902, a directory traversal vulnerability in F5 BIG-IP's TMUI interface, to read arbitrary files (e.g., /etc/passwd). The script includes multi-threading for batch scanning and checks for successful exploitation via JSON response parsing or pattern matching.

This repository contains a Go-based scanner for CVE-2020-5902, which checks if a target F5 BIG-IP system is vulnerable by attempting to read /etc/passwd via a path traversal flaw in the TMUI interface. It does not exploit the vulnerability beyond detection.

The repository contains a Python script that scans for CVE-2020-5902 by attempting to read /etc/passwd via a path traversal vulnerability in F5 BIG-IP TMUI. It checks for a 200 status code and non-empty JSON response to determine vulnerability.

This repository contains a functional exploit for CVE-2020-5902, targeting a directory traversal vulnerability in F5 BIG-IP's TMUI. The exploit allows unauthenticated remote file read access via crafted HTTP requests to undisclosed endpoints.

The repository contains a functional exploit script for CVE-2020-5902, targeting F5 BIG-IP devices. The exploit leverages a path traversal vulnerability in the TMUI interface to achieve RCE and file read operations without authentication.

This repository contains a functional Python script that scans for and exploits CVE-2020-5902, a vulnerability in F5 BIG-IP devices. The script can detect vulnerable hosts, perform LFI (Local File Inclusion), and execute commands via the vulnerable endpoint.

This repository contains a Python script that scans for F5 BIG-IP systems vulnerable to CVE-2020-5902 using the FOFA search engine. It checks for the presence of the vulnerability by attempting to read /etc/passwd via the exposed endpoint.

The repository contains a PowerShell script that checks for CVE-2020-5902 by attempting to read /etc/passwd via a path traversal vulnerability in F5 BIG-IP's TMUI interface. It iterates over a list of IPs and reports vulnerable targets.

This repository contains a functional Python script that exploits CVE-2020-5902, a vulnerability in F5 BIG-IP devices. The script checks for vulnerability by reading sensitive files and executes arbitrary commands via a multi-step process involving CLI alias creation and file manipulation.

This Python script exploits CVE-2020-5902, a directory traversal and command execution vulnerability in F5 BIG-IP TMUI. It sends crafted HTTP requests to read sensitive files and execute commands without authentication.

The repository provides functional exploit code for CVE-2020-5902, a critical vulnerability in F5 BIG-IP TMUI. It includes multiple proof-of-concept URLs for local file inclusion and remote code execution, along with detection methods using tools like Nuclei and Nmap.

The repository contains a Python script that scans for CVE-2020-5902 by checking if a target BIG-IP device exposes sensitive files via a path traversal vulnerability. It does not exploit the vulnerability but detects its presence.

The repository provides functional exploit URLs for CVE-2020-5902, a critical RCE vulnerability in F5 BIG-IP devices. It includes paths for file reads and command execution via directory traversal in the TMUI interface.

The repository contains a functional Python exploit for CVE-2020-5902, an unauthenticated RCE vulnerability in F5 BIG-IP TMUI. It includes both file read and command execution capabilities via crafted HTTP requests to vulnerable endpoints.

The repository contains a functional Python exploit for CVE-2020-5902, demonstrating unauthenticated remote code execution (RCE) and arbitrary file read capabilities in F5 BIG-IP TMUI via directory traversal and command injection.

This repository contains a functional Python exploit for CVE-2020-5902, a critical unauthenticated RCE vulnerability in F5 BIG-IP TMUI. The exploit chains multiple JSP endpoints to execute arbitrary commands via a crafted CLI alias.

This repository contains a Python-based scanner for detecting F5 BIG-IP devices vulnerable to CVE-2020-5902. It checks for the presence of F5-specific keywords and attempts to exploit the vulnerability by sending a crafted request to the TMSH command endpoint.

The repository contains a Python script that scans for CVE-2020-5902 by checking specific endpoints on F5 BIG-IP TMUI for vulnerability indicators. It does not include exploit code for achieving RCE but verifies the presence of the vulnerability through pattern matching.

This repository contains a functional Python exploit for CVE-2020-5902, a remote code execution vulnerability in F5 BIG-IP. The exploit leverages directory traversal and command injection to execute arbitrary commands on the target system.

The repository contains a Python script that checks for the presence of CVE-2020-5902 by sending a GET request to the F5 BIG-IP login page. It does not exploit the vulnerability but scans for its presence by verifying the HTTP response status code.

The repository provides functional exploit URLs for CVE-2020-5902, a directory traversal and RCE vulnerability in BIG-IP's TMUI. The PoC includes paths to read sensitive files and execute commands via unauthenticated HTTP requests.

This repository references an NMAP script for detecting CVE-2020-5902, a remote code execution vulnerability in F5 BIG-IP TMUI. It does not contain exploit code but points to an external NMAP script for vulnerability scanning.

This repository contains functional exploit code for CVE-2020-5902, a directory traversal and RCE vulnerability in F5 BIG-IP TMUI. It includes a bash script for testing RCE/LFI and a Metasploit module for full exploitation.

This repository contains a Python script that scans for F5 BIG-IP systems vulnerable to CVE-2020-5902 using FOFA (a search engine for network assets). It checks for the presence of the vulnerability by attempting to read /etc/passwd via the exposed TMUI endpoint.

This repository contains a functional Python exploit for CVE-2020-5902, targeting F5 BIG-IP devices. The exploit demonstrates both Local File Inclusion (LFI) and Remote Code Execution (RCE) via directory traversal and command injection through the TMUI interface.

This Python script exploits CVE-2020-5902, a directory traversal and RCE vulnerability in F5 BIG-IP TMUI. It allows unauthenticated attackers to execute commands, read files, or check for vulnerability via crafted HTTP requests.

This repository contains a Python script that scans for F5 BIG-IP servers and checks for CVE-2020-5902 by attempting to read /etc/profile via a path traversal vulnerability. It does not exploit the vulnerability beyond detection.

This repository contains a functional Go-based exploit for CVE-2020-5902, targeting F5 BIG-IP devices. The exploit leverages a path traversal vulnerability to read arbitrary files or execute commands via unauthenticated access to the TMUI interface.

This repository contains a functional mass exploiter for CVE-2020-5902, targeting F5 Big-IP devices. The exploit leverages a path traversal vulnerability to read sensitive files like /etc/passwd, confirming vulnerability status.

This Metasploit module exploits a directory traversal vulnerability (CVE-2020-5902) in F5 BIG-IP TMUI to upload and execute a shell script as root. It leverages a command alias escape in the Traffic Management Shell (TMSH) to achieve remote code execution.