CVE-2021-21978 PoC — VMware View Planner Code Issue Vulnerability

Associated Vulnerability
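Title: VMware View Planner Code Issue Vulnerability (CVE-2021-21978)
Description: VMware View Planner is an application from the US company VMware. It provides a way to capture the overall scalability of a deployment platform and the performance of each individual application operation within a given desktop. VMware View Planner 4.x prior to 4.6 contains a security vulnerability that allows an unauthorized attacker with network access to upload and execute a specially crafted file, resulting in remote code execution in the logupload container.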
Description
CVE-2021-21978 exp
Readme
# CVE-2021-21978
CVE-2021-21978 RCE exp

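Affected versions
VMware View Planner Harness 4.X

Similar to CVE-2021-21978, this vulnerability allows arbitrary files to be uploaded without authorization, and remote code execution is achieved by modifying a bundled py script.
Note that commands are executed inside a docker container, not directly on the system.

Usage: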

```
go run CVE-2021-21978.go -h <target ip> -c <cmd>
```

<img src="https://raw.githubusercontent.com/GreyOrder/CVE-2021-21978/main/example.png">
File Snapshot

```
[4.0K] /data/pocs/83af78e83827103e3bb44fc3ceabce23914a9c58
├── [6.2K] CVE-2021-21978.go
├── [9.1K] example.png
└── [ 497] README.md

0 directories, 3 files
```