horizon3ai/CVE-2022-1388

Stars
230
Rank 173,083 (Top 4 %)
Language
Python
Created over 2 years ago
Updated over 2 years ago

horizon3ai/CVE-2022-1388

horizon3ai

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

POC for CVE-2022-1388

CVE-2022-1388

POC for CVE-2022-1388 affecting multiple F5 products.

Follow the Horizon3.ai Attack Team on Twitter for the latest security research:

Technical Analysis

A technical root cause analysis of the vulnerability can be found on our blog: https://www.horizon3.ai/f5-icontrol-rest-endpoint-authentication-bypass-technical-deep-dive/

Summary

Necessary conditions of a request for exploiting this vulnerability:

Connection header must include X-F5-Auth-Token
X-F5-Auth-Token header must be present
Host header must be localhost / 127.0.0.1 or the Connection header must include X-Forwarded-Host
Auth header must be set with the admin username and any password

Usage

root@kali:/home/dev# python3 CVE-2022-1388.py -t 192.168.0.221 -c id
uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:initrc_t:s0

Mitigations

Update to the latest version or mitigate by following the instructions within the F5 Security Advisory

https://support.f5.com/csp/article/K23605346

Disclaimer

This software has been created purely for the purposes of academic research and for the development of effective defensive techniques, and is not intended to be used to attack systems except where explicitly authorized. Project maintainers are not responsible or liable for misuse of the software. Use responsibly.

vcenter_saml_login

A tool to extract the IdP cert from vCenter backups and log in as Administrator

CVE-2022-40684

A proof of concept exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager

CVE-2022-39952

POC for CVE-2022-39952

CVE-2021-21972

Proof of Concept Exploit for vCenter CVE-2021-21972

CVE-2021-38647

Proof on Concept Exploit for CVE-2021-38647 (OMIGOD)

CVE-2022-22972

vRealizeLogInsightRCE

POC for RCE using vulnerabilities described in VMSA-2023-0001

CVE-2023-34362

MOVEit CVE-2023-34362

CVE-2022-47966

POC for CVE-2022-47966 affecting multiple ManageEngine products

proxyshell

Proof of Concept for CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207

CVE-2023-27524

Basic PoC for CVE-2023-27524: Insecure Default Configuration in Apache Superset

backup_dc_registry

A simple POC that abuses Backup Operator privileges to remote dump SAM, SYSTEM, and SECURITY

CVE-2023-34051

VMware Aria Operations for Logs CVE-2023-34051

CVE-2024-0204

Authentication Bypass in GoAnywhere MFT

CVE-2023-27532

POC for Veeam Backup and Replication CVE-2023-27532

CVE-2023-27350

Proof of Concept Exploit for PaperCut CVE-2023-27350

CVE-2022-28219

PoC for ManageEngine ADAudit Plus CVE-2022-28219

CVE-2023-48788

Fortinet FortiClient EMS SQL Injection

CVE-2023-38035

Ivanti Sentry CVE-2023-38035

CVE-2024-23108

CVE-2024-23108: Fortinet FortiSIEM Unauthenticated 2nd Order Command Injection

CVE-2021-44077

Proof of Concept Exploit for ManageEngine ServiceDesk Plus CVE-2021-44077

CVE-2023-34992

CVE-2023-34992: Fortinet FortiSIEM Command Injection Proof of Concept Exploit

CVE-2023-26067

Lexmark CVE-2023-26067

CVE-2024-1403

Progress OpenEdge Authentication Bypass

h3-cli

CLI tool for the Horizon3.ai API

CVE-2024-29824

Ivanti EPM SQL Injection Remote Code Execution Vulnerability

CVE-2021-44142

cyanide

SecureConnect-Auth-Bypass

An exploit proof of concept for ConnectWise SecureConnect authentication bypass vulnerability.