CVE-2021-21972
- VMware-VCSA-all-6.7.0-8217866、VMware-VIM-all-6.7.0-8217866 ✔
- VMware-VCSA-all-6.5.0-16613358 ✔
vCenter 6.7U2+ running website in memory,so this exp can't work for 6.7 u2+.
vCenter 6.5 Linux(VCSA)/Window Waiting For TestvCenter 6.7 Linux(VCSA)/Window Waiting For TestvCenter 7.0 Linux(VCSA)/Window Waiting For Test
- 漏洞为任意文件上传
- 存在问题的接口为
/ui/vropspluginui/rest/services/uploadova,完整路径(https://domain.com/ui/vropspluginui/rest/services/uploadova) - 仓库内的
payload文件夹内的tar文件为默认冰蝎3 webshell
- 工具仅用于安全人员安全测试与研究使用,任何未授权检测造成的直接或者间接的后果及损失,均由使用者本人负责。
- The tool is only used for security testing and research by security personnel. Any direct or indirect consequences and losses caused by unauthorized testing are the responsibility of the user.