Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "VMware vCenter - Server-Side Request Forgery/Local File Inclusion/Cross-Site Scripting" module is designed to detect vulnerabilities in VMware vCenter 7.0.2.00100. This module specifically targets server-side request forgery (SSRF), local file inclusion (LFI), and cross-site scripting (XSS) vulnerabilities. These vulnerabilities can have a critical impact on the security of the VMware vCenter software.
This module was authored by pdteam.
Severity: critical
If these vulnerabilities are exploited, an attacker could potentially perform unauthorized actions, access sensitive information, or execute malicious code on the affected VMware vCenter server. This could lead to a compromise of the entire virtual infrastructure and the data stored within it.
The module works by sending a specific HTTP request to the target VMware vCenter server. The request is designed to trigger the vulnerabilities related to server-side request forgery, local file inclusion, and cross-site scripting. The module then analyzes the response from the server and applies matching conditions to determine if the vulnerabilities are present.
One example of an HTTP request used by this module is:
GET /ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url=https://{%InteractionURL%}
The module applies the following matching conditions:
- The request must use the "http" protocol. - The response status code must be 200.If both matching conditions are met, the module reports the presence of the vulnerabilities.
Reference: https://github.com/l0ggg/VMware_vCenter
Metadata: max-request: 1