Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

VMware vCenter - Local File Inclusion

By kannthu

High
Vidoc logoVidoc Module
#vmware#lfi#vcenter
Description

VMware vCenter - Local File Inclusion

What is the "VMware vCenter - Local File Inclusion?"

The "VMware vCenter - Local File Inclusion" module is designed to detect a vulnerability in VMware vCenter that allows for local file inclusion. VMware vCenter is a software solution used for managing virtualized environments. This module focuses on identifying misconfigurations or vulnerabilities related to local file inclusion in VMware vCenter.

This module has a severity level of high, indicating that if the vulnerability is present, it can pose a significant risk to the security and integrity of the VMware vCenter environment.

Impact

A successful exploitation of the local file inclusion vulnerability in VMware vCenter can allow an attacker to access sensitive files on the server. This can lead to unauthorized disclosure of sensitive information, such as configuration files or credentials, which can be further exploited by the attacker to gain unauthorized access or perform other malicious activities.

How the module works?

The module sends an HTTP GET request to the target VMware vCenter server, attempting to access the vcdb.properties file using a specific path. The module checks for the presence of certain sensitive information, such as database driver, database type, and password, within the retrieved file. Additionally, it verifies that the HTTP response status is 200, indicating a successful request.

The module tests multiple paths where the vcdb.properties file might be located, including:

- C:\ProgramData\VMware\VMware+VirtualCenter
- C:\Documents+and+Settings\All+Users\Application+Data\VMware\VMware+VirtualCenter
- C:\ProgramData\VMware\vCenterServer\cfg\vmware-vpx

If the module successfully matches the expected sensitive information and receives a 200 status response, it reports a vulnerability related to local file inclusion in VMware vCenter.

Original author: Unknown

Module preview

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
regex: (?m)^(driver|dbtype|password(\.encrypted...and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability