
CVE-2021-21972

Works On

  • VMware-VCSA-all-6.7.0-8217866, VMware-VIM-all-6.7.0-8217866 ✔
  • VMware-VCSA-all-6.5.0-16613358 ✔

For vCenter 6.7 U2+

vCenter 6.7 U2+ runs the website in memory, so this exploit does not work on 6.7 U2 and later.

Details

  1. Affected URL: /ui/vropspluginui/rest/services/uploadova; full path: https://domain.com/ui/vropspluginui/rest/services/uploadova
  2. The *.tar files in the payload folder are Behinder 3 (冰蝎3) webshells.
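
For defenders, a log check for requests to the endpoint named in item 1. This is an added example, not part of this repository. The access-log layout (Common Log Format), the sample lines, and the assumption that the upload arrives as an HTTP POST are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Endpoint named in the Details list above.
UPLOAD_PATH = "/ui/vropspluginui/rest/services/uploadova"

# Assumed layout: Common/Combined Log Format. Adjust for your proxy or appliance.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize(target):
    """Drop the query string, percent-decode once, collapse //, /./ and /../."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    path = re.sub(r"/+", "/", posixpath.normpath(path))
    # Lower-cased on purpose: over-report rather than miss a case variant.
    return path.lower()

def find_upload_requests(lines):
    """Return one record per log line whose normalized path is the upload endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalize(m["target"]) != UPLOAD_PATH:
            continue
        status = int(m["status"])
        # A POST answered with 2xx is triaged first; anything else is kept for review.
        accepted = m["method"] == "POST" and 200 <= status < 300
        hits.append({
            "ip": m["ip"], "time": m["ts"], "method": m["method"],
            "status": status, "severity": "high" if accepted else "review",
        })
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [07/Apr/2023:10:11:44 +0800] "GET /ui/ HTTP/1.1" 200 512',
    '198.51.100.7 - - [07/Apr/2023:10:12:01 +0800] "GET /ui/vropspluginui/rest/services/uploadova HTTP/1.1" 405 0',
    '198.51.100.7 - - [07/Apr/2023:10:12:05 +0800] "POST /ui//vropspluginui/rest/services/./%75ploadova HTTP/1.1" 200 7',
    '192.0.2.10 - - [07/Apr/2023:10:13:00 +0800] "POST /ui/login HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for hit in find_upload_requests(SAMPLE):
        print(hit)
```

Any "high" hit on a host running one of the versions listed under Works On warrants checking the server for unexpected files written around that timestamp.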