CVE-2023-33246
CRITICAL KEV NUCLEI
Apache RocketMQ update config RCE
Title source: metasploit
Exploitation Summary
CVE-2023-33246 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added September 6, 2023.
EIP tracks 15 public exploits from researchers including SuperZero, Malayke, and Le1a; the set includes a Metasploit module, auxiliary/scanner/misc/rocketmq_version.
A Nuclei detection template is also available.
AI-analyzed exploit summary: This repository contains a proof-of-concept exploit for CVE-2023-33246, a remote code execution vulnerability in Apache RocketMQ. The exploit is executed via a Java JAR file and allows arbitrary command execution on the target system.
Description
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system user that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above when using RocketMQ 5.x, or to 4.9.6 or above when using RocketMQ 4.x.
Exploits (15)
This repository contains a proof-of-concept exploit for CVE-2023-33246, a remote code execution vulnerability in Apache RocketMQ. The exploit is executed via a Java JAR file and allows arbitrary command execution on the target system.
This repository contains a working exploit for CVE-2023-33246, a remote code execution vulnerability in Apache RocketMQ versions 5.1.0 and below. The exploit leverages the update configuration function to execute arbitrary commands by crafting a malicious payload.
This repository contains a Java-based exploit for CVE-2023-33246, a remote code execution vulnerability in Apache RocketMQ. The exploit leverages a heartbeat mechanism to trigger command execution and includes a 35-second delay to ensure proper execution and configuration restoration.
This PoC exploits CVE-2023-33246 in Apache RocketMQ by manipulating the `rocketmqHome` property to execute arbitrary commands via command injection. The code demonstrates updating broker configurations with malicious properties to achieve RCE.
This repository contains a Go-based scanner tool designed to fetch RocketMQ broker configurations to detect indicators of compromise related to CVE-2023-33246. It connects to a target host and port, sends a crafted RocketMQ message, and extracts the `rocketmqHome` variable from the response.
This repository contains a scanner tool for detecting CVE-2023-33246, a remote command execution vulnerability in Apache RocketMQ. The tool checks for the presence of the vulnerability and outputs the detected version.
This repository contains a scanner for detecting CVE-2023-33246, a remote code execution vulnerability in Apache RocketMQ versions 5.1.0 and below. The scanner checks for vulnerable versions by querying the RocketMQ broker component.
This repository provides a writeup and setup instructions for CVE-2023-33246, referencing another GitHub repository for the actual exploit. It includes Docker commands to set up a vulnerable environment for Apache RocketMQ.
This repository provides a mitigation demonstration for CVE-2023-33246 in Apache RocketMQ, focusing on enhanced validation of the `RocketmqHome` parameter. It includes a modified `BrokerConfig.java` with additional validation logic and a `Main.java` for testing purposes.
This repository contains a proof-of-concept exploit for CVE-2023-33246, a remote code execution vulnerability in RocketMQ versions 5.1.0 and below. The exploit leverages the update configuration function or forged RocketMQ protocol content to execute arbitrary commands.
This PoC exploits CVE-2023-33246, a deserialization vulnerability in RocketMQ, by sending a crafted payload to trigger remote code execution. The payload includes an interactsh URL for DNS-based interaction verification.
This repository contains source code and documentation for Apache RocketMQ, specifically focusing on the ACL (Access Control List) module. It does not include an exploit PoC but provides context around the vulnerability CVE-2023-33246.
This repository contains a functional PoC exploit for CVE-2023-33246, an RCE vulnerability in Apache RocketMQ. The exploit leverages the UpdateBrokerConfig function to execute arbitrary commands via crafted payloads sent to the RocketMQ broker.
This Metasploit module scans for Apache RocketMQ versions by sending a version request and parsing the response. It does not exploit CVE-2023-33246 but provides version detection, which could be used for vulnerability assessment.
This Metasploit module exploits CVE-2023-33246, a command injection vulnerability in Apache RocketMQ's broker component. It leverages the update configuration function to execute arbitrary commands as the system user running RocketMQ.
Nuclei Templates (1)
title:"RocketMQ" || http.title:"rocketmq-console-ng" || http.title:"rocketmq"
protocol="rocketmq" || title="rocketmq-console-ng" || title="rocketmq"
References (7)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H