F5 BIG-IP TMUI AJP Smuggling Remote Command Execution

This Metasploit module exploits a flaw in F5's BIG-IP Traffic Management User Interface (TMU) that enables an external, unauthenticated attacker to create an administrative user. Once the user is created, the module uses the new account to execute a command payload. Both the exploit and check methods automatically delete any temporary accounts that are created.

account accounts attacker big big-ip check command delete exploit exploits external flaw interface management metasploit payload smuggling tmu traffic traffic management unauthenticated user interface