Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "VMware vCenter - Local File Inclusion" module is designed to detect a vulnerability in VMware vCenter that allows for local file inclusion. VMware vCenter is a software solution used for managing virtualized environments. This module focuses on identifying misconfigurations or vulnerabilities related to local file inclusion in VMware vCenter.
This module has a severity level of high, indicating that if the vulnerability is present, it can pose a significant risk to the security and integrity of the VMware vCenter environment.
A successful exploitation of the local file inclusion vulnerability in VMware vCenter can allow an attacker to access sensitive files on the server. This can lead to unauthorized disclosure of sensitive information, such as configuration files or credentials, which can be further exploited by the attacker to gain unauthorized access or perform other malicious activities.
The module sends an HTTP GET request to the target VMware vCenter server, attempting to access the vcdb.properties
file using a specific path. The module checks for the presence of certain sensitive information, such as database driver, database type, and password, within the retrieved file. Additionally, it verifies that the HTTP response status is 200, indicating a successful request.
The module tests multiple paths where the vcdb.properties
file might be located, including:
- C:\ProgramData\VMware\VMware+VirtualCenter
- C:\Documents+and+Settings\All+Users\Application+Data\VMware\VMware+VirtualCenter
- C:\ProgramData\VMware\vCenterServer\cfg\vmware-vpx
If the module successfully matches the expected sensitive information and receives a 200 status response, it reports a vulnerability related to local file inclusion in VMware vCenter.
Original author: Unknown