CVE-2020-3956 PoC — VMware Cloud Director 注入漏洞

Source

https://github.com/aaronsvk/CVE-2020-3956

Associated Vulnerability

Title:VMware Cloud Director 注入漏洞 (CVE-2020-3956)
Description:VMware Cloud Director是美国威睿（VMware）公司的一套云服务交付平台。该平台支持虚拟数据中心创建、多站点管理、数据中心扩展和云迁移以及云原生应用程序开发等功能。 Vmware vCloud Director中存在注入漏洞，该漏洞源于程序没有正确处理输入。攻击者可利用该漏洞执行任意代码。以下产品及版本受到影响：vCloud Director 10.0.0.2之前的10.0.x版本，9.7.0.5之前的9.7.0.x版本，9.5.0.6之前的9.5.0.x版本，9.1.0.4之前的9.

Description

PoC exploit for VMware Cloud Director RCE (CVE-2020-3956)

Readme

# CVE-2020-3956
PoC exploit for VMware Cloud Director RCE (CVE-2020-3956)

![exploit.png](exploit.png)

Technical advisory is available here:  
https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/

File Snapshot


 [4.0K]  /data/pocs/3e87b77a99174983bc60bcdd5e7a89b7984bed82
├── [ 42K]  exploit.png
├── [5.7K]  exploit.py
└── [ 244]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!