CVE-2021-21980 PoC — VMware vCenter Server 信息泄露漏洞

Source

https://github.com/Osyanina/westone-CVE-2021-21980-scanner

Associated Vulnerability

Title:VMware vCenter Server 信息泄露漏洞 (CVE-2021-21980)
Description:VMware vCenter Server是美国威睿（VMware）公司的一套服务器和虚拟化管理软件。该软件提供了一个用于管理VMware vSphere环境的集中式平台，可自动实施和交付虚拟基础架构。 VMware vCenter Server 中存在信息泄露漏洞。该漏洞源于包含未经授权的任意文件读取漏洞。对 vCenter Server 上的端口 443 具有网络访问权限的恶意行为者可能会利用此问题来获取对敏感信息的访问权限。

Description

A vulnerability scanner that detects CVE-2021-21980 vulnerabilities.

Readme

# westone-CVE-2021-21980-scanner   
VMware vCenter earlier versions (7.0.2.00100) has unauthorized arbitrary file read + ssrf + xss vulnerability
# Installation & Usage  
git clone https://github.com/Osyanina/westone-CVE-2021-21980-scanner.git  
cd westone-CVE-2021-21980-scanner  
cmd CVE-2021-21980.exe

File Snapshot


 [4.0K]  /data/pocs/b949cbc96c43c84a06895559f7189a9b3d2448da
├── [4.5M]  CVE-2021-21980.exe
└── [ 307]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!