CVE-2021-22005 PoC — Vmware VMware vCenter Server 路径遍历漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-22005.yaml

Associated Vulnerability

Title:Vmware VMware vCenter Server 路径遍历漏洞 (CVE-2021-22005)
Description:VMware vCenter Server是美国威睿（VMware）公司的一套服务器和虚拟化管理软件。该软件提供了一个用于管理VMware vSphere环境的集中式平台，可自动实施和交付虚拟基础架构。 VMware vCenter Server 存在路径遍历漏洞，该漏洞源于在Analytics服务中上传文件时文件验证不足导致。未经身份验证的攻击者可以通过网络访问443端口，在目标系统上传和执行任意文件。

Description

VMware vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.

File Snapshot


 id: CVE-2021-22005

info:
  name: VMware vCenter Server - Arbitrary File Upload
  author: PR3R00T
  

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!