Update CVE-2023-46604.rb

Correct documentation. * ActiveMQ OpenWire, not AMQP.
ronin-rb · May 18, 2024 · 91ecadc · 91ecadc
1 parent f5db32b
commit 91ecadc
Showing 1 changed file with 7 additions and 4 deletions.
diff --git a/exploits/activemq/CVE-2023-46604.rb b/exploits/activemq/CVE-2023-46604.rb
@@ -121,7 +121,8 @@ def test
       STRING_TYPE      = 9
 
       #
-      # Builds the malicious AMQP message and XML payload that will be served later.
+      # Builds the malicious OpenWire ActiveMQ message and XML payload that will
+      # be served later.
       #
       def build
         @web_host = params[:web_host]
@@ -166,8 +167,8 @@ def build
       end
 
       #
-      # Sends the malicious AMQP message and starts a web server, which hosts
-      # the XML payload and receives the exfiltrated file.
+      # Sends the malicious ActiveMQ OpenWire message and starts a web server,
+      # which hosts the XML payload and receives the exfiltrated file.
       #
       def launch
         queue     = Thread::Queue.new
@@ -224,7 +225,9 @@ def cleanup
       private
 
       #
-      # we're taking the easy way out by not parsing the whole message, just finding the
+      # Extracts the provider version from the ActiveMQ OpenWire message.
+      #
+      # We're taking the easy way out by not parsing the whole message, just finding the
       # `ProviderVersion` property and pulling it out of the message.
       #
       # @return [String, nil]