kravietz πŸ¦‡  

Code from highly respected F5 enterprise web security appliances basically runs tar as root on input from HTTP at /mgmt/tm/util/bash URL πŸ€” And it's 2021.

1
That guy over there Ω†  

@kravietz what could possibly go wrong?

1
kravietz πŸ¦‡  

@thatguyoverthere

Just an extra admin console :)

github.com/h4x0r-dz/RCE-Exploi

1+
That guy over there Ω†  

@kravietz 77 lines to own a "security" appliance 🀣

1
kravietz πŸ¦‡
Follow

@thatguyoverthere

A *Respected* Enterprise Security Appliance!

Β· Β· 0 Β· 0 Β· 1
Sign in to participate in the conversation
Mastodon πŸ” privacytools.io

Fast, secure and up-to-date instance. PrivacyTools provides knowledge and tools to protect your privacy against global mass surveillance.

Website: privacytools.io
Matrix Chat: chat.privacytools.io
Support us on OpenCollective, many contributions are tax deductible!

Resources

Developers

What is Mastodon?

social.privacytools.io

More…