CVE-2021-21978

This repository contains a functional exploit for CVE-2021-21978, which targets a path traversal vulnerability in VMware View Planner's log upload functionality. The exploit allows unauthenticated remote code execution by overwriting the `log_upload_wsgi.py` file with malicious content.

This repository contains a functional Go-based exploit for CVE-2021-21978, which allows unauthenticated arbitrary file upload and remote code execution in VMware View Planner Harness 4.X. The exploit crafts a malicious Python script, uploads it via a directory traversal vulnerability, and triggers command execution within a Docker container.

This repository contains a functional exploit for CVE-2021-21978, a remote code execution vulnerability in VMware View Planner. The exploit leverages a path traversal flaw to upload a malicious Python script to a writable directory, which then executes a reverse shell to an attacker-controlled VPS.

The repository contains functional exploit code for multiple vulnerabilities, including CVE-2016-3088 (ActiveMQ arbitrary file write) and CVE-2020-17518 (Apache Flink file upload and directory traversal). The Python scripts demonstrate the vulnerabilities by crafting HTTP requests to exploit the respective flaws.

This Metasploit module exploits an unauthenticated log file upload vulnerability in VMware View Planner 4.6 prior to Security Patch 1, allowing remote code execution as the apache user within the appacheServer Docker container. It uploads a malicious log_upload_wsgi.py file, triggers execution via an OPTIONS request, and restores the original file post-exploitation.