CVE-2016-3088 PoC — Apache ActiveMQ 输入验证错误漏洞

Source

https://github.com/Ma1Dong/ActiveMQ_putshell-CVE-2016-3088

Associated Vulnerability

Title:Apache ActiveMQ 输入验证错误漏洞 (CVE-2016-3088)
Description:Apache ActiveMQ是美国阿帕奇（Apache）软件基金会的一套开源的消息中间件，它支持Java消息服务、集群、Spring Framework等。 Apache ActiveMQ 5.14.0之前5.x版本的Fileserver Web应用中存在安全漏洞。远程攻击者可通过发送HTTP PUT和HTTP MOVE请求利用该漏洞上传并执行任意文件。

Description

ActiveMQ_putshell直接获取webshell

Readme

# ActiveMQ_putshell-CVE-2016-3088-
ActiveMQ_putshell直接获取webshell

#Usage：
python3 ActiveMQ_putshell.py -u url
![image](https://github.com/gsheller/ActiveMQ_putshell-CVE-2016-3088/blob/master/CVE-2016-3088.jpg?raw=true)

File Snapshot


 [4.0K]  /data/pocs/a415996979a60f48eb1279cf137c93de3fe6d235
├── [3.0K]  ActiveMQ_putshell.py
├── [ 46K]  CVE-2016-3088.jpg
└── [ 229]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!