CVE-2022-1388

This exploit targets CVE-2022-1388 in F5 BIG-IP 16.0.x by sending a crafted POST request to the management interface's bash endpoint, executing a reverse shell payload via the 'utilCmdArgs' parameter. It leverages basic authentication and a malformed X-F5-Auth-Token header to bypass authentication.

This is a functional exploit for CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP iControl REST. It leverages a misconfigured endpoint to execute arbitrary commands as root by manipulating headers and sending a crafted JSON payload.

This repository contains a working PoC for CVE-2022-1388, an RCE vulnerability in F5 BIG-IP iControl REST API. It includes both a vulnerability checker and an exploit script capable of executing arbitrary commands and reverse shells.

This repository provides a working proof-of-concept for CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP iControl REST interface. The exploit demonstrates remote command execution by leveraging improper authentication handling and specific HTTP headers.

This repository contains a Python script that exploits CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP iControl REST, allowing remote command execution (RCE) via unauthenticated access to the `/mgmt/tm/util/bash` endpoint.

This repository contains a Python-based exploit for CVE-2022-1388, an unauthenticated remote code execution vulnerability in F5 BIG-IP iControl REST API. The exploit includes functionality to check for vulnerability and execute arbitrary commands on affected systems.

This PoC demonstrates an authenticated remote command execution (RCE) vulnerability in F5 BIG-IP via an exposed management interface. The exploit sends a crafted POST request to `/mgmt/tm/util/bash` with a base64-encoded admin credential to execute arbitrary commands (e.g., `id`).

This repository contains a verified proof-of-concept exploit for CVE-2022-1388, a vulnerability in BIG-IP iControl REST that allows unauthenticated remote command execution via a crafted POST request to the management interface.

This repository contains a functional Python exploit for CVE-2022-1388, an unauthenticated remote command execution vulnerability in F5 BIG-IP and BIG-IQ systems. The exploit includes verification, command execution, batch scanning, and reverse shell capabilities.

This repository provides a Nuclei template and manual PoC to detect the presence of the BIG-IP iControl REST API endpoint vulnerable to CVE-2022-1388. It checks for a 401 response containing specific error messages, indicating the API is exposed but does not exploit the vulnerability.

This repository contains a bash script that checks for the presence of CVE-2022-1388, a vulnerability in F5 BIG-IP iControl REST API. The script scans a list of hosts and reports whether the vulnerable endpoint is exposed.

This is a functional PoC for CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP iControl REST. It includes both a test function to verify vulnerability and an interactive shell for remote command execution.

This repository contains a Python-based exploit for CVE-2022-1388, an unauthenticated RCE vulnerability in F5 BIG-IP. The exploit sends crafted HTTP requests with specific headers to trigger command execution via the management interface.

This repository contains a Java-based exploit for CVE-2022-1388, an RCE vulnerability in F5 BIG-IP iControl REST. It includes a test API lab and tools for scanning and exploiting the vulnerability.

This repository contains a Go-based PoC for multiple F5 BIG-IP vulnerabilities, including CVE-2022-1388, which allows authentication bypass and remote command execution. The code sends crafted HTTP requests to exploit the vulnerabilities and checks for successful execution.

This PoC exploits CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP iControl REST. It sends a crafted POST request to execute arbitrary commands (e.g., 'id') via the '/mgmt/tm/util/bash' endpoint with a malformed 'X-F5-Auth-Token' header.

This is a functional Python exploit for CVE-2022-1388, an unauthenticated RCE vulnerability in F5 BIG-IP. It leverages improper authentication in the iControl REST interface to execute arbitrary commands via the `/mgmt/tm/util/bash` endpoint.

This is a functional exploit for CVE-2022-1388, targeting F5 BIG-IP iControl REST. It allows unauthenticated remote command execution via the /mgmt/tm/util/bash endpoint. The PoC includes options for single command execution, reverse shell, and traffic capture via tcpdump.

The repository contains a bash script that checks for the presence of CVE-2022-1388, an RCE vulnerability in F5 BIG-IP. It scans a list of hosts for the exposed iControl REST API endpoint but does not include a functional exploit.

This repository contains a writeup and screenshot for CVE-2022-1388, an unauthenticated remote code execution vulnerability in F5 Big-IP. No actual exploit code is provided, only a description and promotional links.

This PoC exploits CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP iControl REST API, allowing unauthenticated remote command execution via crafted HTTP requests. It includes checks for vulnerability and command execution capabilities.

This repository provides a Nuclei template and manual PoC for exploiting CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP iControl REST API. The exploit allows unauthenticated attackers to execute arbitrary system commands via crafted HTTP requests.

This repository contains a scanner for CVE-2022-1388, which exploits an authentication bypass in F5 BIG-IP's iControl REST API to execute arbitrary commands. The script uses Shodan to find potential targets and attempts to verify vulnerability by sending a test command.

This repository contains a Python-based scanner for detecting CVE-2022-1388, a vulnerability in F5 BIG-IP iControl REST. The scanner sends a POST request to the vulnerable endpoint to check if the target is susceptible to remote command execution (RCE).

This repository contains a PoC exploit for CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP. The scripts demonstrate command injection via the management interface, allowing remote code execution (RCE) by sending a crafted HTTP request to the `/mgmt/tm/util/bash` endpoint.

This repository contains a Python script that exploits CVE-2022-1388, an RCE vulnerability in F5 BIG-IP. The script allows for single URL exploitation, batch URL scanning with multithreading, and command execution on vulnerable targets.

This repository provides a test API to simulate the vulnerability described in CVE-2022-1388, which allows remote command execution via the F5 BIG-IP management interface. The main.py file implements a FastAPI endpoint that mimics the vulnerable endpoint and executes bash commands provided in the request.

This exploit targets CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP iControl REST. It sends a crafted POST request to execute arbitrary commands via the `/mgmt/tm/util/bash` endpoint by manipulating headers and JSON payload.

This repository contains a Python-based exploit for CVE-2022-1388, an unauthenticated RCE vulnerability in F5 BIG-IP. The exploit sends crafted HTTP requests with specific headers to trigger command execution via the management interface.

The repository contains a functional exploit for CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP's iControl REST API. It includes a Nuclei template and manual PoC using crafted HTTP requests to achieve RCE via the `/mgmt/tm/util/bash` endpoint.

The repository contains a scanner for CVE-2022-1388, an RCE vulnerability in F5 BIG-IP. It checks for vulnerability by sending a crafted POST request to the `/mgmt/tm/util/bash` endpoint on ports 443 and 8443, attempting to execute a command to read `/etc/passwd`.

This repository contains a functional exploit for CVE-2022-1388, an RCE vulnerability in F5 BIG-IP iControl REST API. The exploit sends crafted JSON payloads to the `/mgmt/tm/util/bash` endpoint to execute arbitrary commands. It includes both single-target and mass-checking capabilities.

This repository contains a working proof-of-concept exploit for CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP iControl REST. The exploit leverages a misconfiguration in the REST endpoint to execute arbitrary commands via the `/mgmt/tm/util/bash` endpoint.

This PoC exploits CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP iControl REST, allowing unauthenticated remote command execution via a crafted HTTP request to the `/mgmt/tm/util/bash` endpoint.

This repository provides a Nuclei template for detecting CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP. The PoC uses a template to check for the presence of sensitive files like '/etc/shadow' or '/etc/passwd' as proof of exploitation.

This is a functional exploit for CVE-2022-1388, an RCE vulnerability in F5 BIG-IP iControl REST. It sends a crafted POST request to execute arbitrary commands via the `/mgmt/tm/util/bash` endpoint with hardcoded credentials.

This repository contains a Python-based exploit for CVE-2022-1388, an unauthenticated RCE vulnerability in F5 BIG-IP iControl REST. The exploit leverages an authentication bypass to execute arbitrary commands as root via the `/mgmt/tm/util/bash` endpoint.

This repository contains a functional PoC for CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP. The script includes both scanning and exploitation capabilities, allowing arbitrary command execution via the BIG-IP management interface.

This PoC demonstrates an authentication bypass vulnerability in F5 BIG-IP's iControl REST interface, allowing arbitrary command execution via a crafted cURL request. The exploit leverages invalid credentials in the Authorization header to bypass authentication and execute commands through the `/mgmt/tm/util/bash` endpoint.

This exploit leverages CVE-2022-1388 (authentication bypass) and CVE-2022-41800 (command injection) to achieve a root reverse shell on F5 BIG-IP devices. It uses the `/mgmt/shared/iapp/rpm-spec-creator` and `/mgmt/shared/iapp/build-package` endpoints to execute arbitrary commands via a crafted RPM spec file.

This repository contains a functional Python exploit for CVE-2022-1388, an authentication bypass leading to remote code execution (RCE) in F5 BIG-IP iControl REST. The exploit sends a crafted HTTP POST request to bypass authentication and execute arbitrary commands via the `/mgmt/tm/util/bash` endpoint.

This repository contains a Python-based exploit for CVE-2022-1388, an RCE vulnerability in F5 BIG-IP. The exploit sends a crafted JSON payload to the `/mgmt/tm/util/bash` endpoint to execute arbitrary commands on vulnerable systems.

This is a functional PoC for CVE-2022-1388, an RCE vulnerability in F5 BIG-IP. It exploits an authentication bypass in the iControl REST interface to execute arbitrary commands via the `/mgmt/tm/util/bash` endpoint.

This is a functional Python-based PoC for CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP iControl REST. It exploits improper header handling to execute arbitrary commands via an interactive shell or single command execution.

This repository contains a functional proof-of-concept exploit for CVE-2022-1388, an RCE vulnerability in F5 BIG-IP. The script sends a crafted POST request to the vulnerable endpoint `/mgmt/tm/util/bash` with malicious headers and a JSON payload to execute arbitrary commands.

This PoC exploits CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP, by sending a crafted POST request to execute arbitrary commands via the management interface. The script reads target URLs from a file and checks for vulnerability by running the 'id' command.

This exploit targets CVE-2022-1388, an RCE vulnerability in F5 BIG-IP iControl REST. It sends a crafted POST request to execute arbitrary commands via the `/mgmt/tm/util/bash` endpoint.

This repository contains a functional exploit for CVE-2022-1388, an RCE vulnerability in F5 BIG-IP iControl REST API. The exploit sends crafted JSON payloads to execute arbitrary commands via the `/mgmt/tm/util/bash` endpoint.

This repository contains a Python script that exploits CVE-2022-1388, an unauthenticated remote command execution vulnerability in F5 BIG-IP iControl REST. The script sends a crafted POST request to execute arbitrary commands on vulnerable systems.

This is a functional exploit for CVE-2022-1388, targeting F5 BIG-IP devices. It includes verification, command execution, batch scanning, and an interactive shell mode, leveraging unauthenticated access to execute arbitrary commands via the management interface.

This exploit targets CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP iControl REST. It sends a crafted POST request to execute arbitrary commands via the `/mgmt/tm/util/bash` endpoint by leveraging improper authentication handling.

This PoC exploits CVE-2022-1388, an unauthenticated RCE vulnerability in F5 BIG-IP iControl REST. It sends a crafted POST request to execute arbitrary commands (e.g., 'whoami') via the management interface.

The repository contains a functional Python script that exploits CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP iControl REST API, leading to remote command execution. The script sends a crafted POST request with spoofed headers to execute arbitrary commands on the target system.

This repository contains a functional Python script that exploits CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP devices. The exploit leverages hop-by-hop header manipulation (Connection header) to bypass authentication and achieve remote code execution via the `/mgmt/tm/util/bash` endpoint.

This Python script exploits CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP iControl REST, allowing unauthenticated remote command execution via crafted HTTP requests. It supports both single command execution and interactive shell sessions.

This exploit leverages CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP iControl REST, to execute arbitrary commands via a pseudoshell. It sends crafted requests to the `/mgmt/tm/util/bash` endpoint with manipulated headers to bypass authentication.

This repository contains a working PoC for CVE-2022-1388, an authentication bypass leading to RCE in F5 BIG-IP. The exploit leverages improper header handling to access admin endpoints and execute arbitrary commands via the `/mgmt/tm/util/bash` endpoint.

This Python script exploits CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP iControl REST, allowing unauthenticated remote command execution via the `/mgmt/tm/util/bash` endpoint. The script includes both verification and exploitation capabilities, enabling arbitrary command execution on vulnerable systems.

This repository contains a Python scanner for detecting F5 Big-IP systems vulnerable to CVE-2022-1388. It checks for the presence of a specific error response in the login endpoint to identify vulnerable targets.

This repository provides a cURL one-liner to exploit CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP iControl REST. The exploit sends a crafted request to execute arbitrary commands via the `/mgmt/tm/util/bash` endpoint.

This is a functional exploit for CVE-2022-1388, an unauthenticated RCE vulnerability in F5 BIG-IP. It sends a crafted POST request to execute arbitrary commands via the management interface.

This repository contains a functional exploit for CVE-2022-1388, targeting F5 BIG-IP devices. The exploit sends a crafted POST request to the `/mgmt/tm/util/bash` endpoint to achieve remote command execution (RCE) without authentication.

This repository contains a Python exploit for CVE-2022-1388, an RCE vulnerability in F5's BIG-IP. The exploit sends a crafted POST request to the vulnerable endpoint to execute arbitrary commands.

This is a functional exploit for CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP iControl REST interface leading to remote code execution. The PoC sends crafted JSON payloads to the `/mgmt/tm/util/bash` endpoint with manipulated headers to bypass authentication and execute arbitrary commands.

This repository provides a PoC and exploit for CVE-2022-1388, a vulnerability in F5 BIG-IP. The exploit allows remote command execution (RCE) via the `pocsuite` framework, with options for both testing and executing commands.

This Python script exploits CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP iControl REST, allowing unauthenticated remote command execution via a crafted POST request to the management interface.

This repository contains a scanner for CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP. The script checks if a target is vulnerable by sending a crafted HTTP request and analyzing the response.

This repository contains a scanner script for CVE-2022-1388, which checks if the F5 BIG-IP iControl REST API is exposed. The script sends a request to the login endpoint and checks for a specific error response to determine vulnerability.

This repository contains a scanner for CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP iControl REST. The provided instructions are minimal and reference a mismatched CVE (2021-21980) in the clone URL, but the README explicitly mentions CVE-2022-1388.

This repository contains a functional exploit for CVE-2022-1388, an RCE vulnerability in F5 BIG-IP. The script sends crafted JSON payloads to the `/mgmt/tm/util/bash` endpoint, allowing command execution via the `utilCmdArgs` parameter.

This repository provides a functional cURL one-liner to exploit CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP's iControl REST interface. The exploit allows arbitrary command execution via the `/mgmt/tm/util/bash` endpoint by bypassing authentication with crafted headers.

This repository contains a functional exploit for CVE-2022-1388, targeting F5 BIG-IP devices. The exploit sends a crafted POST request to the `/mgmt/tm/util/bash` endpoint with a command injection payload to execute arbitrary commands (e.g., `id`).

This repository contains a functional Nuclei template for exploiting CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP iControl REST API. The exploit allows unauthenticated remote command execution by leveraging a crafted HTTP request with a malformed X-F5-Auth-Token header.

The repository contains a functional exploit PoC for CVE-2022-1388, demonstrating an authentication bypass leading to remote command execution on F5 BIG-IP devices via the `/mgmt/tm/util/bash` endpoint. The provided HTTP request includes a crafted `X-F5-Auth-Token` header and a command injection payload.

This Metasploit module exploits CVE-2022-1388, an authentication bypass in F5 BIG-IP iControl REST service, to execute commands as root via the /mgmt/tm/util/bash endpoint. It includes checks for vulnerability and supports both Unix command and Linux dropper payloads.