ActiveMQ Vulnerability (CVE-2016-3088) Verification
2017-02-09 16:24
Note: study notes. Completed: file upload and file move (mv).
Reference: http://www.lofter.com/tag/CVE-2016-3088
Official description: http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt
Step 1: Visit http://192.168.10.4:8161/fileserver/
Step 2: Obtain the deployment path. In Firefox, edit the request and resend it using the PUT method: http://192.168.10.4:8161/fileserver/a../test
eg:
Step 3: Upload the file
Step 4: Move the file to a new location
To verify that the upload succeeded, visit http://192.168.10.4:8161/admin/test.jsp
CVE-2016-3088 - ActiveMQ Fileserver web application vulnerabilities

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Apache ActiveMQ 5.0.0 - 5.13.x

Description: Multiple vulnerabilities have been identified in the Apache ActiveMQ Fileserver web application. These are similar to those reported in CVE-2015-1830 and can allow attackers to replace web application files with malicious code and perform remote code execution on the system.

Mitigation: Fileserver feature will be completely removed starting with 5.14.0 release. Users are advised to use other FTP and HTTP based file servers for transferring blob messages. Fileserver web application SHOULD NOT be used in older version of the broker and it should be disabled (it has been disabled by default since 5.12.0). This can be done by removing (commenting out) the following lines from conf\jetty.xml file

    <bean class="org.eclipse.jetty.webapp.WebAppContext">
        <property name="contextPath" value="/fileserver" />
        <property name="resourceBase" value="${activemq.home}/webapps/fileserver" />
        <property name="logUrlOnStart" value="true" />
        <property name="parentLoaderPriority" value="true" />
    </bean>

Credit: This issue was discovered by separated reports of Simon Zuckerbraun and Andrea Micalizzi (rgod) of Trend Micro Zero Day Initiative
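The advisory's mitigation can be checked mechanically. The following is an added example, not part of the original post or of the ActiveMQ project: it scans the text of a jetty.xml for a WebAppContext bean that is still mapped to /fileserver. The function names and the sample configuration are constructed for illustration and are modelled on the bean quoted in the advisory.

```python
import xml.etree.ElementTree as ET

WEBAPP_CLASS = "org.eclipse.jetty.webapp.WebAppContext"


def local(tag):
    """Strip an XML namespace (e.g. the Spring beans one) from a tag name."""
    return tag.rsplit("}", 1)[-1]


def active_fileserver_contexts(jetty_xml_text):
    """Return the resourceBase of every WebAppContext bean still serving /fileserver.

    ElementTree discards XML comments while parsing, so a bean that has been
    commented out, as the advisory recommends, is not reported.
    """
    root = ET.fromstring(jetty_xml_text)
    hits = []
    for bean in root.iter():
        if local(bean.tag) != "bean" or bean.get("class") != WEBAPP_CLASS:
            continue
        props = {p.get("name"): p.get("value")
                 for p in bean if local(p.tag) == "property"}
        # Treat "/fileserver" and "/fileserver/" as the same context path.
        if (props.get("contextPath") or "").rstrip("/") == "/fileserver":
            hits.append(props.get("resourceBase", "<unknown>"))
    return hits


# Constructed sample configuration (assumption: simplified jetty.xml layout).
TEMPLATE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean class="org.eclipse.jetty.webapp.WebAppContext">
    <property name="contextPath" value="/admin" />
    <property name="resourceBase" value="${activemq.home}/webapps/admin" />
  </bean>
  {FILESERVER}
</beans>"""
FILESERVER_BEAN = """<bean class="org.eclipse.jetty.webapp.WebAppContext">
    <property name="contextPath" value="/fileserver" />
    <property name="resourceBase" value="${activemq.home}/webapps/fileserver" />
    <property name="logUrlOnStart" value="true" />
    <property name="parentLoaderPriority" value="true" />
  </bean>"""
ENABLED = TEMPLATE.replace("{FILESERVER}", FILESERVER_BEAN)
DISABLED = TEMPLATE.replace("{FILESERVER}", "<!-- " + FILESERVER_BEAN + " -->")

if __name__ == "__main__":
    for name, text in (("enabled", ENABLED), ("disabled", DISABLED)):
        print(name, active_fileserver_contexts(text))
```

An empty result means no active /fileserver context was found in the file that was read; the broker must be restarted for a changed jetty.xml to take effect.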