Coder Social home page Coder Social logo

cve-2021-21972's Introduction

CVE-2021-21972

CVE-2021-21972

Works On

  • VMware-VCSA-all-6.7.0-8217866、VMware-VIM-all-6.7.0-8217866 ✔
  • VMware-VCSA-all-6.5.0-16613358 ✔

For vCenter6.7 U2+

vCenter 6.7U2+ running website in memory,so this exp can't work for 6.7 u2+.

Need test

  • vCenter 6.5 Linux(VCSA)/Window Waiting For Test
  • vCenter 6.7 Linux(VCSA)/Window Waiting For Test
  • vCenter 7.0 Linux(VCSA)/Window Waiting For Test

Details

  1. 漏洞为任意文件上传
  2. 存在问题的接口为/ui/vropspluginui/rest/services/uploadova,完整路径(https://domain.com/ui/vropspluginui/rest/services/uploadova
  3. 仓库内的payload文件夹内的tar文件为默认冰蝎3 webshell

Screenshots

Runtime

3.png

Success

1.png

1.png

声明

  • 工具仅用于安全人员安全测试与研究使用,任何未授权检测造成的直接或者间接的后果及损失,均由使用者本人负责。
  • The tool is only used for security testing and research by security personnel. Any direct or indirect consequences and losses caused by unauthorized testing are the responsibility of the user.

cve-2021-21972's People

Contributors

ns-sp4ce avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

0xf4n9x freefv limpid94 dycsy wayc0des-land ronoski rvrsh3ll crackercat chtaylo2 askyeye weiwhy daybr4ak imjdl kkwwqqa hackerxj007 raystyle msf-ntdll slowmistio xingxingdangkongzhao 1f3lse thanhuutuan starkchristmas xiaoeryu1 leovon bb33bb fengyuhetao bravery9 jtsamas agelovito punittailor55 ahrendsschmidt sslvtao wouijvziqy zu1kbackup ch0ing ox01024 mad-robot pyking yshdxm fengjixuchui itiki 0x0kasaku udyz geidalaodicha jackqian123 ekko-zhao ba1ma0 bay1ts selfevo go-bi qmf0c3uk zzy1d 0xtract0r mmioimm swagkarna flaviupopescu fadinglr lsr00ter no952712138 oxehh6 taiji-xo ironmole666 devilmaycrying ttuanhung cuteghost6 willsonch p0llock gh0st0ne asll666 yishu1980 wooluo xunnun sry309 douglas88 419066074 prsood cuencalife fbion mmhhqwe deepwebhacker woozz2 endual iceware jeremychiang1992 jimdx ap1e ltvthang mrnait fdlucifer klm-sketch polarpeak darknesschieftain dadzz 5l1v3r1 tai-rex rockmelodies viracall ffsfwnuiaww wecool apwgss

cve-2021-21972's Issues

JSP base directory probably not generic

Hello,
Thanks for the PoC, I aws looking at Linux.tar file that contains the directory where the webshell should be written.
By testing on 6.7 unpatched servers, it's not getting JSP compilation/execution that easily (and strace/find does not give up that easily a proper webapps path).

Cheers

提示成功,访问404

RT:

C:\Users\test\Desktop\CVE-2021-21972-main>python CVE-2021-21972.py -url 10.10.10.10

            Test On vCenter 6.5 Linux/Windows
                    By: Sp4ce
                    Github:https://github.com/NS-Sp4ce

[] Check https://10.10.10.10 is vul ...
[!] https://10.10.10.10 IS vul ...
[] Trying linux payload...
[+] Shell upload success, now check is shell exist...
[-] Shell upload success, BUT NOT EXIST, trying windows payload...

C:\Users\test\Desktop\CVE-2021-21972-main>

手动上传tar包测试,linux的返回“SUCCESS”,windows返回“FAILED”
但是访问shell地址还是404

访问不到上传的webshell

搭了个环境试了一下,版本如下。

image

image

看了一下vCenterServer,文件是有上传成功的。

image

重启vCenterServer后等待一段时间还是访问不到这个文件。

image

时版本对不上吗?还是哪里操作有误 o.0?

404 Problem

after I connect to the webshell with Behinder,i upload a new cmd.jsp by benhider,i can see the new cmd.jsp in file manager of behinder,but it returns 404,no matter i use behinder or browser to connect cmd.jsp,i do not understand,please give me a hand,thanks so much.

number of folder

/usr/lib/vmware-vsphere-ui/server/work/deployer/s/global/NUMBER/0/h5ngc.war/resources/
why you choosed NUMBER=41 in tar file? it depends of what?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.