  • Stars: 480
  • Rank 90,968 (Top 2 %)
  • Language: Python
  • Created over 3 years ago
  • Updated over 1 year ago

Repository Details

CVE-2021-21972 Exploit

Works On

  • VMware-VCSA-all-6.7.0-8217866, VMware-VIM-all-6.7.0-8217866
  • VMware-VCSA-all-6.5.0-16613358

For vCenter 6.7 U2+

vCenter 6.7 U2 and later run the website in memory, so this exploit does not work on 6.7 U2+.

Needs testing

  • vCenter 6.5 Linux (VCSA)/Windows: waiting for test
  • vCenter 6.7 Linux (VCSA)/Windows: waiting for test
  • vCenter 7.0 Linux (VCSA)/Windows: waiting for test

Details

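  1. The vulnerability is an arbitrary file upload.
  2. The affected endpoint is /ui/vropspluginui/rest/services/uploadova; the full path is https://domain.com/ui/vropspluginui/rest/services/uploadova
  3. The tar files in the repository's payload folder are the default Behinder 3 (冰蝎3) webshell.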
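
A defender-side check for the endpoint named in the Details list, as an added example that is not part of the original repository: it scans web access logs for requests that reach the uploadova path. The combined-style log format, the sample lines and the verdict labels are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Endpoint named in the Details list above.
UPLOAD_PATH = "/ui/vropspluginui/rest/services/uploadova"

# Assumption: Apache/NGINX "combined"-style access log lines.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample input (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Feb/2021:10:01:02 +0000] "GET /ui/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [24/Feb/2021:10:03:11 +0000] "GET /ui/vropspluginui/rest/services/uploadova HTTP/1.1" 405 0 "-" "python-requests/2.25.1"',
    '198.51.100.7 - - [24/Feb/2021:10:03:15 +0000] "POST /ui/vropspluginui/rest/services/uploadova HTTP/1.1" 200 7 "-" "python-requests/2.25.1"',
    '203.0.113.5 - - [24/Feb/2021:11:20:40 +0000] "POST /ui//vropspluginui/rest/services/%75ploadova?x=1 HTTP/1.1" 401 0 "-" "curl/7.68.0"',
]

def normalize(target):
    """Drop query/fragment, decode %-escapes, collapse slashes and dot segments."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    path = re.sub(r"/{2,}", "/", path)
    # Lowercasing may over-match, which is acceptable for a detection rule.
    return posixpath.normpath(path).lower()

def scan(lines):
    """Return one record per request that reaches the upload endpoint."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path = normalize(m["target"])
        if path != UPLOAD_PATH and not path.startswith(UPLOAD_PATH + "/"):
            continue
        # Triage assumption: a POST answered with 2xx means the server
        # accepted an upload, so that host needs investigation first.
        accepted = m["method"] == "POST" and m["status"].startswith("2")
        hits.append({"src": m["src"], "ts": m["ts"], "method": m["method"],
                     "status": int(m["status"]),
                     "verdict": "investigate" if accepted else "probe"})
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```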

Screenshots

  • Runtime: 3.png
  • Success: 1.png

Disclaimer

  • The tool is only used for security testing and research by security personnel. Any direct or indirect consequences and losses caused by unauthorized testing are the responsibility of the user.

More Repositories

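  1. TongDaOA-Fake-User: Tongda OA arbitrary user login vulnerability (Python, 355 stars)
  2. Vm4J: A tool to detect and exploit the log4j (CVE-2021-44228) vulnerability in VMware products. Supports VMware HCX/vCenter/NSX/Horizon/vRealize Operations Manager (C#, 203 stars)
  3. Dict: Some weak-password and fuzzing dictionaries (Roff, 199 stars)
  4. AliyunAccessKeyTools: Tool for exploiting leaked Alibaba Cloud AccessKeys (C#, 142 stars)
  5. MoAn_Honey_Pot_Urls: Some APIs with JSONP hijacking issues used by the X安 honeypot (93 stars)
  6. Frp_modify: Modified FRP (Go, 67 stars)
  7. PHPStudy_BackDoor_Exp: PHPStudy_BackDoor_EXP, PHPStudy backdoor exploitation script (Python, 60 stars)
  8. easytoyou_script: easytoyou batch decryption script (Python, 50 stars)
  9. Inspur: Inspur vul repo (33 stars)
  10. OneForAll-WebUI: OneForAll-WebUI (PHP, 33 stars)
  11. huaweiSwitchCrack: Batch brute-force script for Huawei switches [WEB+Telnet] (Python, 28 stars)
  12. Weaver-OA-E-cology-Database-Leak: Detection script for the Weaver OA database configuration leak (Python, 23 stars)
  13. CVE-2020-14882: CVE-2020-14882/14883/14750 (Python, 20 stars)
  14. Shack2ToolsWithoutBackdoor: Tools with the code that collects system information and sends it back to www.shack2.org removed (C#, 17 stars)
  15. NpsCrack: A script for brute-forcing NPS servers (Python, 15 stars)
  16. wooyun-drops-tools: Small tools for the WooYun knowledge base (TSQL, 13 stars)
  17. HLV_Keygen: HTTP log viewer keygen (C#, 13 stars)
  18. FoFa_Spider: Fofa spider. FOFA crawler, depends on the API (Python, 6 stars)
  19. SharpDecodeTools: SharpDecodeTools (C#, 6 stars)
  20. msdn_itellyou_cn_python_spider: msdn.itellyou.cn crawler, Python version [requires mysql] (Python, 5 stars)
  21. thinkphp5.XRce: thinkphp5.*Rce CVE-2018-20062 (Python, 5 stars)
  22. zhaoyanwang: Crawler for the 招研网 site (Python, 5 stars)
  23. ShadowSocksPanelFiles: SSPanel file backup (Shell, 4 stars)
  24. Telegram_Chinese_Simple_Version: Telegram Simplified Chinese localization pack (based on Traditional (Hong Kong) Chinese) (4 stars)
  25. 2019-Ciscn-Southern-China-Web: Backup of some web challenges from the 2019 CISCN South China division (PHP, 4 stars)
  26. 2018-XNUCA: Part of the 2018 XNUCA challenge set, 2018 X-NUCA CTF (PHP, 3 stars)
  27. AntiRansomware: A ransomware decryptor tools repository. Pull requests are welcome. (2 stars)
  28. FuckingScanner: Fucking scan bot list (2 stars)
  29. NS-Sp4ce (2 stars)
  30. low-ver-bt: Older versions of BT Panel (宝塔) (1 star)
  31. AWVS12-Chinese-Translate: AWVS12 Chinese localization pack (1 star)
  32. zfpj: One-click course evaluation for the Zhengfang academic administration system (JavaScript, 1 star)
  33. keygen: some keygen (Python, 1 star)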