Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-22954 PoC — VMware 多款产品代码注入漏洞

Source
https://github.com/MSeymenD/CVE-2022-22954-Testi
Associated Vulnerability
Title:VMware 多款产品代码注入漏洞 (CVE-2022-22954)
Description:Vmware Workspace One Access是美国Vmware公司的将用户身份与设备和网络信息等因素结合起来,为 Workspace One 交付的应用程序制定智能驱动的条件访问决策。 VMware 多款产品存在代码注入漏洞,该漏洞源于不正确的输入验证。远程攻击者利用该漏洞发送特制的HTTP请求并执行服务器端模板注入。
Description
CVE-2022-22954 Açığı test etme
Readme
# CVE-2022-22954-Testi
CVE-2022-22954 Açığı test etme

VMware Workspace ONE Access ve Identity Manager, sunucu tarafı şablon yerleştirme nedeniyle bir uzaktan kod yürütme güvenlik açığı içerir. Ağ erişimine sahip kötü niyetli bir aktör, uzaktan kod yürütülmesine neden olabilecek bir sunucu tarafı şablon enjeksiyonunu tetikleyebilir.

Sunucu Tarafı Şablon Enjeksiyonu Uzaktan Kod Yürütme Güvenlik Açığı (CVE-2022-22954)
https://www.vmware.com/security/advisories/VMSA-2022-0011.html

Lütfen yasal sınırlar içerisinde kullanın.
Yasa Dışı Kullanımda Sorumluluk Kabul Etimyorum.

Test ve Öğrenme Amaçlıdır.

Çalıştırma
python3 vmware.py http://.....

#-----------EN------------

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.

Server-side Template Injection Remote Code Execution Vulnerability (CVE-2022-22954)
https://www.vmware.com/security/advisories/VMSA-2022-0011.html

Please used within limitations.
I Take No Responsibility for Illegal Use.

For Testing and Guidance Purposes.

Operating
python3 vmware.py http://.....
File Snapshot

 [4.0K]  /data/pocs/0255dc9c7c7fa4ca4f58498a3267da4a6eb6d977
├── [1.3K]  README.md
└── [ 967]  vmware.py

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.