#!/bin/bash

# TMUI RCE vulnerability CVE-2020-5902
# Security Advisory Description
# The Traffic Management User Interface (TMUI), also referred to as the Configuration utility, 
# has a Remote Code Execution (RCE) vulnerability in undisclosed pages. (CVE-2020-5902)

CREDS=<username><password>
IP=localhost

curl -u $CREDS -k https://$IP/mgmt/tm/sys/httpd -X PATCH -d '{"include":"\n <LocationMatch \\\";\\\">\n Redirect 404 /\n </LocationMatch>\n <LocationMatch \\\"hsqldb\\\">\n Redirect 404 /\n </LocationMatch>\n "}' -H content-type:application/json

sleep 10

curl -k -u $CREDS -H "Content-Type: application/json" -d '{"command":"save"}' https://$IP/mgmt/tm/sys/config

sleep 10

Device="$(uname -n)"
echo HOSTNAME:${Device/.*/}

URL="https://localhost/tmui/login.jsp/..;/login.jsp"

response=$(curl -k -s -w "%{http_code}" $URL)

http_code=$(tail -n1 <<< "$response")  # get the last line
content=$(sed '$ d' <<< "$response")   # get all but the last line which contains the status code

echo "$http_code"
#echo "$content"

echo "done"