Subscribe via feed.

F5 iControl Server-Side Request Forgery / Remote Command Execution

Posted by deepcore on April 2, 2021 – 7:41 pm

This Metasploit module exploits a pre-authentication server-side request forgery vulnerability in the F5 iControl REST API’s /mgmt/shared/authn/login endpoint to generate an X-F5-Auth-Token that can be used to execute root commands on an affected BIG-IP or BIG-IQ device.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.


« »