Home

Awesome

CVE-2021-21972

CVE-2021-21972

Works On

For vCenter6.7 U2+

vCenter 6.7U2+ running website in memory,so this exp can't work for 6.7 u2+.

Need test

Details

  1. 漏洞为任意文件上传
  2. 存在问题的接口为/ui/vropspluginui/rest/services/uploadova,完整路径(https://domain.com/ui/vropspluginui/rest/services/uploadova
  3. 仓库内的payload文件夹内的tar文件为默认冰蝎3 webshell

Screenshots

Runtime

3.png

Success

1.png

1.png

声明