CVE-2016-3088 PoC — Apache ActiveMQ 输入验证错误漏洞

Source

https://github.com/cyberaguiar/CVE-2016-3088

Associated Vulnerability

Title:Apache ActiveMQ 输入验证错误漏洞 (CVE-2016-3088)
Description:The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.

Description

Apache ActiveMQ Remote Code Execution Exploit

Readme

# CVE-2016-3088

Apache ActiveMQ Remote Code Execution Exploit

## Description

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.

## Author

* Alexandre Aguiar ([@cyberaguiar](https://cyberaguiar.com))


## Exploit analysis

* [Analysis of Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2016–3088)](https://medium.com/@knownsec404team/analysis-of-apache-activemq-remote-code-execution-vulnerability-cve-2016-3088-575f80924f30)

## References

* https://nvd.nist.gov/vuln/detail/CVE-2016-3088

## Disclaimer

The developer of this script are not responsible for any misuse of this exploit we only encourage the ethical use of this script and to be used only when authorized to do so during a penetration test or similar. Any damages or misuse of this script is the responsibility of the individuals who use them unethically or with the intent to damage property.

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!