CVE-2022-22954 PoC — VMware 多款产品代码注入漏洞

Source

https://github.com/axingde/CVE-2022-22954-POC

Associated Vulnerability

Title:VMware 多款产品代码注入漏洞 (CVE-2022-22954)
Description:Vmware Workspace One Access是美国Vmware公司的将用户身份与设备和网络信息等因素结合起来，为 Workspace One 交付的应用程序制定智能驱动的条件访问决策。 VMware 多款产品存在代码注入漏洞，该漏洞源于不正确的输入验证。远程攻击者利用该漏洞发送特制的HTTP请求并执行服务器端模板注入。

Description

提供单个或批量URL扫描是否存在CVE-2022-22954功能

Readme

## VMware-CVE-2022-22954-POC

**声明:该POC仅供于学习专用，禁止一切违法操作，如果进行恶意破坏与本人无关！！！**

—、批量检测脚本：

用法：

```
python vm-2022-22954-POC.py url.txt
```

![image-20220412143746878](img/image-20220412143746878.png)

二、单个url检测：

```
python vm-2022-22954-POC.py http://xx.xx.xx.xx
```

![image-20220412143557105](img/image-20220412143557105.png)

脚本执行成功，若存在漏洞则会在本地生成一个succ.txt文档并存储其中

File Snapshot


 [4.0K]  /data/pocs/1ef2abe24fdea90209ad8098d5ed00f4b8b0b55d
├── [4.0K]  img
│   ├── [ 55K]  image-20220412143557105.png
│   └── [ 54K]  image-20220412143746878.png
├── [ 647]  poc-yaml-vm-CVE-2022-22954-RCE.yml
├── [ 529]  README.md
└── [2.8K]  vm-2022-22954.py

1 directory, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!