Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

VMware vCenter - Server-Side Request Forgery/Local File Inclusion/Cross-Site Scripting

By kannthu

Critical
Vidoc logoVidoc Module
#ssrf#lfi#xss#oast#vcenter
Description

What is the "VMware vCenter - Server-Side Request Forgery/Local File Inclusion/Cross-Site Scripting" module?

The "VMware vCenter - Server-Side Request Forgery/Local File Inclusion/Cross-Site Scripting" module is designed to detect vulnerabilities in VMware vCenter 7.0.2.00100. This module specifically targets server-side request forgery (SSRF), local file inclusion (LFI), and cross-site scripting (XSS) vulnerabilities. These vulnerabilities can have a critical impact on the security of the VMware vCenter software.

This module was authored by pdteam.

Severity: critical

Impact

If these vulnerabilities are exploited, an attacker could potentially perform unauthorized actions, access sensitive information, or execute malicious code on the affected VMware vCenter server. This could lead to a compromise of the entire virtual infrastructure and the data stored within it.

How does the module work?

The module works by sending a specific HTTP request to the target VMware vCenter server. The request is designed to trigger the vulnerabilities related to server-side request forgery, local file inclusion, and cross-site scripting. The module then analyzes the response from the server and applies matching conditions to determine if the vulnerabilities are present.

One example of an HTTP request used by this module is:

GET /ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url=https://{%InteractionURL%}

The module applies the following matching conditions:

- The request must use the "http" protocol. - The response status code must be 200.

If both matching conditions are met, the module reports the presence of the vulnerabilities.

Reference: https://github.com/l0ggg/VMware_vCenter

Metadata: max-request: 1

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/ui/vcav-bootstrap/r...
Matching conditions
word: httpand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability