CVE-2021-21972
Tested On
- VMware-VCSA-all-6.7.0-8217866, VMware-VIM-all-6.7.0-8217866 on 2021-02-24 ✔
- vCenter 6.5 Linux/Windows: waiting for test
- vCenter 6.7 Linux/Windows: waiting for test
- vCenter 7.0 Linux/Windows: waiting for test
Details
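- The vulnerability is an arbitrary file upload.
- The vulnerable endpoint is `/ui/vropspluginui/rest/services/uploadova` (full path: https://domain.com/ui/vropspluginui/rest/services/uploadova).
- The tar file in the repository's `payload` folder is the default Behinder 3 (冰蝎3) webshell.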
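For defenders, one way to find requests to this endpoint in web access logs. This is an added example, not code from this repository; the Common Log Format layout, the sample lines and the names `canonical_path` and `triage` are assumptions constructed here.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# Endpoint this page names as the vulnerable upload interface.
UPLOAD_ENDPOINT = "/ui/vropspluginui/rest/services/uploadova"

# Assumption: access log in Common Log Format; adapt the regex to your source.
LINE_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def canonical_path(target):
    """Normalise a request target so trivially obfuscated paths still compare equal."""
    target = re.sub(r"^[a-z]+://[^/]+", "", target, flags=re.I)  # absolute-form URI
    path = unquote(re.split(r"[?#]", target, maxsplit=1)[0])     # drop query, decode once
    path = "/".join(seg.split(";", 1)[0] for seg in path.split("/"))  # ;matrix params
    # normpath collapses // and dot segments; lower() deliberately over-matches.
    return normpath("/" + path.lstrip("/")).lower()

def triage(lines):
    """Return (line_no, source, method, status, label) for every hit on the endpoint."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m or canonical_path(m["target"]) != UPLOAD_ENDPOINT:
            continue
        status = int(m["status"])
        # Assumption: an upload arrives as POST; anything else is logged as a probe.
        if m["method"] != "POST":
            label = "probe"
        elif 200 <= status < 300:
            label = "post-accepted"   # highest priority: check the host for new files
        else:
            label = "post-rejected"
        findings.append((n, m["src"], m["method"], status, label))
    return findings

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [24/Feb/2021:10:01:02 +0000] "GET /ui/ HTTP/1.1" 200 512',
    '203.0.113.9 - - [24/Feb/2021:10:02:10 +0000] "GET /ui/vropspluginui/rest/services/uploadova HTTP/1.1" 405 0',
    '203.0.113.9 - - [24/Feb/2021:10:02:15 +0000] "POST /ui//vropspluginui/rest/services/%75ploadova;x=1?a=b HTTP/1.1" 200 7',
    '203.0.113.9 - - [24/Feb/2021:10:02:20 +0000] "POST /ui/vropspluginui/rest/services/uploadova/ HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```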
Disclaimer
- For security research only