Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

CVE-2020-3956 PoC — VMware Cloud Director 注入漏洞

Source
https://github.com/aaronsvk/CVE-2020-3956
Associated Vulnerability
Title:VMware Cloud Director 注入漏洞 (CVE-2020-3956)
Description:VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.
Description
PoC exploit for VMware Cloud Director RCE (CVE-2020-3956)
Readme
# CVE-2020-3956
PoC exploit for VMware Cloud Director RCE (CVE-2020-3956)

![exploit.png](exploit.png)

Technical advisory is available here:  
https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/
File Snapshot

 [4.0K]  /data/pocs/3e87b77a99174983bc60bcdd5e7a89b7984bed82
├── [ 42K]  exploit.png
├── [5.7K]  exploit.py
└── [ 244]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →