CVE-2020-3952 PoC — VMware vCenter Server 访问控制错误漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-3952.yaml

Associated Vulnerability

Title:VMware vCenter Server 访问控制错误漏洞 (CVE-2020-3952)
Description:VMware vCenter Server是美国威睿（VMware）公司的一套服务器和虚拟化管理软件。该软件提供了一个用于管理VMware vSphere环境的集中式平台，可自动实施和交付虚拟基础架构。 VMware vCenter Server 6.7版本中的vmdir存在访问控制错误漏洞，该漏洞源于程序没有正确实现访问控制。攻击者可利用该漏洞提取敏感信息。

Description

Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.

File Snapshot


 id: CVE-2020-3952

info:
  name: VMware vCenter Server LDAP Broken Access Control
  author: 0x_Akoko

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!