CVE-2023-46747

This repository contains a functional exploit for CVE-2023-46747, a remote code execution vulnerability in F5 BIG-IP TMUI. The exploit creates an unauthorized user, resets the password, obtains an authentication token, and executes arbitrary commands via the `/mgmt/tm/util/bash` endpoint.

This Python script exploits CVE-2023-46747 in F5 BIG-IP by sending a crafted HTTP request to create an administrator account. It then verifies the vulnerability by attempting to log in with the newly created credentials.

This repository contains a functional exploit for CVE-2023-46747, targeting F5 BIG-IP devices via unauthenticated RCE through AJP + HTTP request smuggling. The exploit automates admin user creation and delivers a reverse shell.

The repository contains a functional exploit script for CVE-2023-46747, targeting F5 BIG-IP products for pre-authentication remote code execution. The script includes authentication bypass and command execution capabilities, with configurable options for proxies, timeouts, and verbose output.

This repository contains a functional Python exploit for CVE-2023-46747, an unauthenticated remote code execution vulnerability in F5 BIG-IP TMUI. The exploit automates user creation, token retrieval, and command execution via crafted HTTP requests.

This repository provides an Ansible playbook and mitigation script to address CVE-2023-46747, an unauthenticated remote code execution vulnerability in BIG-IP Configuration utility. The mitigation script modifies configuration files to enforce AJP secret authentication and restarts affected services.

This repository contains a functional exploit for CVE-2023-46747, which allows unauthenticated attackers to create a privileged user account on F5 BIG-IP devices, leading to remote code execution (RCE). The exploit leverages a vulnerability in the authentication mechanism by sending a crafted HTTP request with chunked encoding to bypass authentication and create a new admin user.

This repository contains a functional Python exploit for CVE-2023-46747, an unauthenticated remote code execution vulnerability in F5 BIG-IP appliances. The exploit automates the creation of a new user, password reset, token retrieval, and command execution via the TMUI interface.

This PoC exploits CVE-2023-46747, an authenticated remote command execution vulnerability in F5 BIG-IP. It sends a crafted JSON payload to the `/mgmt/tm/util/bash` endpoint, executing arbitrary commands via the `utilCmdArgs` parameter.

This repository contains a functional exploit for CVE-2023-46747, an unauthenticated RCE vulnerability in F5 BIG-IP via AJP + HTTP request smuggling. The exploit automates the creation of an admin user, changes the password, and sends a reverse shell.

This PoC exploits CVE-2023-46747, an authentication bypass vulnerability in F5 BIG-IP, by crafting an AJP packet to create an unauthorized user and then leveraging that user to execute arbitrary commands via the management interface.

The repository contains functional exploit code for multiple vulnerabilities, including CVE-2023-46747 (F5 BIG-IP RCE). The provided Python scripts demonstrate authentication bypass, RCE, and file read exploits with clear technical implementation.

This Metasploit module exploits CVE-2023-46747, an unauthenticated RCE vulnerability in F5 BIG-IP TMUI via AJP request smuggling to create an admin user and execute commands. It automates user creation, password updates, and cleanup.