CVE-2021-21978 PoC — VMware View Planner 代码问题漏洞

Source

https://github.com/GreyOrder/CVE-2021-21978

Associated Vulnerability

Title:VMware View Planner 代码问题漏洞 (CVE-2021-21978)
Description:VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container.

Description

CVE-2021-21978 exp

Readme

# CVE-2021-21978
CVE-2021-21978 RCE exp

影响版本
VMware View Planner Harness 4.X

与 CVE-2021-21978 类似，该漏洞可以在未授权访问的情况下，上传任意文件，并通过修改自带 py 脚本实现远程代码执行。
值得注意的是，执行命令是在 docker 容器中，并不是直接在系统中执行。

用法：

```
go run CVE-2021-21978.go -h <target ip> -c <cmd>
```

<img src="https://raw.githubusercontent.com/GreyOrder/CVE-2021-21978/main/example.png">

File Snapshot


 [4.0K]  /data/pocs/83af78e83827103e3bb44fc3ceabce23914a9c58
├── [6.2K]  CVE-2021-21978.go
├── [9.1K]  example.png
└── [ 497]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!