CVE-2021-21972

CVE-2021-21972

Works On

• VMware-VCSA-all-6.7.0-8217866、VMware-VIM-all-6.7.0-8217866 ✔
• VMware-VCSA-all-6.5.0-16613358 ✔

For vCenter6.7 U2+

vCenter 6.7U2+ running website in memory,so this exp can't work for 6.7 u2+.

Need test

• vCenter 6.5 Linux(VCSA)/Window Waiting For Test
• vCenter 6.7 Linux(VCSA)/Window Waiting For Test
• vCenter 7.0 Linux(VCSA)/Window Waiting For Test

Details

1. 漏洞为任意文件上传
2. 存在问题的接口为/ui/vropspluginui/rest/services/uploadova，完整路径（https://domain.com/ui/vropspluginui/rest/services/uploadova）
3. 仓库内的payload文件夹内的tar文件为默认冰蝎3 webshell

Screenshots

Runtime

Success

声明

• 工具仅用于安全人员安全测试与研究使用，任何未授权检测造成的直接或者间接的后果及损失，均由使用者本人负责。
• The tool is only used for security testing and research by security personnel. Any direct or indirect consequences and losses caused by unauthorized testing are the responsibility of the user.