Skip to content

0xTract0r/CVE-2021-21972

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
img
img
 
 
payload
payload
 
 
CVE-2021-21972.py
CVE-2021-21972.py
 
 
README.md
README.md
 
 

Repository files navigation

CVE-2021-21972

CVE-2021-21972

Works On

  • VMware-VCSA-all-6.7.0-8217866、VMware-VIM-all-6.7.0-8217866 ✔
  • VMware-VCSA-all-6.5.0-16613358 ✔

Need test

  • vCenter 6.5 Linux(VCSA)/Window Waiting For Test
  • vCenter 6.7 Linux(VCSA)/Window Waiting For Test
  • vCenter 7.0 Linux(VCSA)/Window Waiting For Test

Details

  1. 漏洞为任意文件上传
  2. 存在问题的接口为/ui/vropspluginui/rest/services/uploadova,完整路径(https://domain.com/ui/vropspluginui/rest/services/uploadova
  3. 仓库内的payload文件夹内的tar文件为默认冰蝎3 webshell

Screenshots

Runtime

3.png

Success

1.png

1.png

声明

  • 仅供安全研究

About

CVE-2021-21972 Exploit

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 91.1%
  • Java 8.9%