CVE-2016-3088 PoC — Apache ActiveMQ 输入验证错误漏洞

Source

https://github.com/YutuSec/ActiveMQ_Crack

Associated Vulnerability

Title:Apache ActiveMQ 输入验证错误漏洞 (CVE-2016-3088)
Description:The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.

Description

ActiveMQ系列漏洞探测利用工具，包括ActiveMQ 默认口令漏洞及ActiveMQ任意文件写入漏洞（CVE-2016-3088），支持批量探测利用。

Readme

# ActiveMQ_Crack
## 概述
ActiveMQ系列漏洞探测利用工具，包括ActiveMQ 默认口令漏洞及ActiveMQ任意文件写入漏洞（CVE-2016-3088），支持批量探测利用。
## 使用方法
批量探测：文件中逐行写入需要检测的URL，参数-TF 指定文件 -t 并发数量

单个目标探测：-T http://x.x.x.x
## 执行效果
![ddf9b675ad6b40b03bafc705123a6be](https://user-images.githubusercontent.com/41934714/161375600-c2680025-3138-4f22-b49f-1fd134d97f7b.png)
##### 玉兔安全致力于web安全、红蓝对抗、内网渗透、免杀技巧、安全工具系列干货分享。更多安全工具分享，欢迎关注玉兔安全公众号！
![image](https://user-images.githubusercontent.com/41934714/157003667-2745fd4b-950f-4b1f-8c9f-28b30e46c9b3.png)

File Snapshot


 [4.0K]  /data/pocs/8be15bff667de63f62ccc5b920bf56898c2958b1
├── [4.0K]  DataHandle
│   ├── [2.3K]  Check.go
│   ├── [2.7K]  Data.go
│   ├── [1.2K]  flag.go
│   ├── [ 363]  Readfiel.go
│   ├── [1.2K]  Request.go
│   └── [ 314]  Scan.go
├── [ 218]  go.mod
├── [1.1K]  go.sum
├── [  95]  main.go
├── [ 785]  README.md
└── [ 467]  url.txt

1 directory, 11 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!