CVE-2021-21973 PoC — VMware vCenter Server 代码问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-21973.yaml

Associated Vulnerability

Title:VMware vCenter Server 代码问题漏洞 (CVE-2021-21973)
Description:Vmware VMware vCenter Server是美国威睿（Vmware）公司的一套服务器和虚拟化管理软件。该软件提供了一个用于管理VMware vSphere环境的集中式平台，可自动实施和交付虚拟基础架构。 VMware vCenter Server 存在代码问题漏洞，该漏洞源于vCenter Server插件中的url验证不当。

Description

VMware vSphere (HTML5) is susceptible to server-side request forgery due to improper validation of URLs in a vCenter Server plugin. An attacker with network access to port 443 can exploit this issue by sending a POST request to the plugin. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l, and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).

File Snapshot


 id: CVE-2021-21973

info:
  name: VMware vSphere - Server-Side Request Forgery
  author: pdteam
  se

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!