Open mhammadkassem opened 8 months ago
This vulnerability affects the OpenWire protocol of ActiveMQ. I use syncSendPacket since it's the built-in API for sending ActiveMQ messages, it's simpler and straightforward. Of course, you can try another way like crafting a TCP request to ActiveMQ with other languages (capture the packet with Wireshark first, if you are unfamiliar with OpenWire), but you need to process the interaction yourself.
I am trying to use this poc to do the exploit, so far I was able to do the exploit. But for a certain reason I want to check if I can use another method other than syncSendPacket, is it possible ? or this method is mandatory for this vulebrability to be exploited ?