theLSA / f5-bigip-rce-cve-2020-5902

F5 BIG-IP RCE CVE-2020-5902 automatic check tool
MIT License
61 stars 17 forks

false positive on poc-1 part #1

Open sangamcs opened 3 years ago

sangamcs commented 3 years ago
        f5BypassAuthCheckRsp1 = requests.get(tgtUrl1, headers=headers, timeout=timeout, verify=False)

        if f5BypassAuthCheckRsp1.status_code == 200:
            print '[POC1]' + tgtIP + ' is vulnerable-2!!!'
            return True

Because many BIG-IP servers have web pages.

theLSA commented 3 years ago

Thanks for your feedback! poc1 = '/tmui/login.jsp/..;/tmui/system/user/authproperties.jsp'. If you can access the authproperties.jsp page, that means it could be vulnerable (possible, not 100%). So you can try it manually, or improve the code (such as improving this [if] statement) to make it nearly 100% accurate.
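One way to tighten the status-code check discussed in this issue, as an added example that is not part of the repository or of either comment: compare the poc1 response with a baseline response from the same host for a path that cannot exist, and require an operator-supplied marker string before reporting a finding. The `Resp` type, the `classify` function, the baseline request, the threshold and all sample bodies and markers are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from difflib import SequenceMatcher


@dataclass
class Resp:
    """Minimal stand-in for the requests.Response fields used here."""
    status_code: int
    text: str


def similarity(a: str, b: str) -> float:
    """Ratio in [0, 1] describing how alike two response bodies are."""
    return SequenceMatcher(None, a, b).ratio()


def classify(probe: Resp, baseline: Resp, markers=(), threshold: float = 0.9) -> str:
    """Classify the poc1 response instead of trusting status 200 alone.

    baseline: response to a random, nonexistent path on the same host
              (hypothetical control request, not in the original tool).
    markers:  strings the operator expects on the real authproperties.jsp
              page (caller-supplied; the one below is constructed).
    """
    if probe.status_code != 200:
        return "no-finding"
    # The host answers 200 with the same page for any path, so 200 proves nothing.
    if baseline.status_code == 200 and similarity(probe.text, baseline.text) >= threshold:
        return "false-positive"
    # A different page came back, but it does not look like the expected one.
    if markers and not any(m in probe.text for m in markers):
        return "needs-manual-check"
    return "possibly-vulnerable"


# Constructed sample data, not captured from any real device.
GENERIC = "<html><head><title>Welcome</title></head><body>Company portal</body></html>"
MARK = "Authentication properties (constructed marker)"
PAGE = "<html><body><form>" + MARK + "</form></body></html>"
NOT_FOUND = Resp(404, "Not Found")

if __name__ == "__main__":
    print(classify(Resp(200, GENERIC), Resp(200, GENERIC)))       # catch-all web page
    print(classify(Resp(200, PAGE), NOT_FOUND, markers=(MARK,)))  # expected page present
    print(classify(Resp(200, GENERIC), NOT_FOUND, markers=(MARK,)))
```

Even the `possibly-vulnerable` result keeps the maintainer's caveat: it marks a host for manual confirmation, not a confirmed finding.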