def exploit_vdesk_hangup_php3(url, php_code): try: # define the POST request data data = 'hangup': 'hangup', 'vdesk_username': 'your_username', 'vdesk_password': 'your_password', 'php_code': php_code
It is likely you are referring to a Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF) flaw found in the FirePass management interface. Identified Vulnerabilities in F5 FirePass ( The most documented exploits related to the
when CLIENT_ACCEPTED ACCESS::restrict_irule_events disable when HTTP_REQUEST # Isolate unauthenticated directory queries if [HTTP::uri] equals "/vdesk/hangup.php3" if [ACCESS::session exists] ACCESS::session remove HTTP::redirect "/" Use code with caution. 2. Disable Browser Link Prefetching vdesk hangupphp3 exploit
Within the architecture of an F5 BIG-IP APM device, /vdesk/ is the standard URI directory reserved for virtual desktop and user portal access functionalities. The primary purpose of hangup.php3 is to .
Great example of how unvalidated user-supplied input in a PHP3 legacy script can compromise an entire SSL VPN gateway. Disable Browser Link Prefetching Within the architecture of
This public link is valid for 7 days and shares a thread, including any personal information you added. This link or copies made by others cannot be deleted. If you share with third parties, their policies apply. Can’t copy the link right now. Try again later. Bug ID 686691 - F5 Networks
For requests that do not match the rule, set the rule action to directly replace the request URI target with /vdesk/hangup.php3 or drop the packet entirely. This public link is valid for 7 days
For real exploitation, the researchers demonstrated a fully functional HTML page that, when viewed by a logged-in administrator, silently executed remote JavaScript: