Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-22006 PoC — Vmware VMware vCenter Server 授权问题漏洞

Source
https://github.com/CrackerCat/CVE-2021-22006
Associated Vulnerability
Title:Vmware VMware vCenter Server 授权问题漏洞 (CVE-2021-22006)
Description:Vmware VMware vCenter Server是美国威睿(Vmware)公司的一套服务器和虚拟化管理软件。该软件提供了一个用于管理VMware vSphere环境的集中式平台,可自动实施和交付虚拟基础架构。 VMware vCenter Server 存在授权问题漏洞,利用该漏洞远程攻击者可以在未经授权的情况下访问系统。
Description
CVE-2021-22005 - VMWare vCenter Server File Upload to RCE
Readme
# CVE-2021-22005 - VMWare vCenter Server File Upload to RCE
#### Analyze

![1632587348859](img/1632587348859.png)

![1632587404058](img/1632587404058.png)

![1632587421261](img/1632587421261.png)

#### Usage

```
-------------------------------------------------------------
[*] CVE-2021-22005 - VMWare vCenter Server File Upload to RCE
[*] Github: https://github.com/r0ckysec
[*] Twitter: https://twitter.com/r0cky6861636b
[*] Author: r0cky
-------------------------------------------------------------


Usage: ./cve-2021-22005_exp -u <http://target>

Optional Arguments:
  -h help         Show This Help Message And Exit
  -u url          Will Send Payload To Target URL
  -s shell        One-click GetShell
  -p proxy        Specific Request Proxy
```



##### GetShell

![1632587653344](img/1632587653344.png)
File Snapshot

 [4.0K]  /data/pocs/0893679bd47ebecdcd50a7c5279454946c3b87d6
├── [4.5K]  CVE-2021-22005_PoC.py
├── [4.0K]  exp
│   ├── [6.6M]  cve-2021-22005_exp_linux
│   └── [6.5M]  cve-2021-22005_exp_win.exe
├── [4.0K]  img
│   ├── [ 65K]  1632587348859.png
│   ├── [242K]  1632587404058.png
│   ├── [ 16K]  1632587421261.png
│   └── [450K]  1632587653344.png
└── [ 814]  README.md

2 directories, 8 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.