2021-11-04 21:37:43 +00:00
id : fastjson-version
2021-11-04 12:36:06 +00:00
info :
2021-11-04 12:46:29 +00:00
name : Fastjson Version Detection
author : yuansec
severity : info
description : If the server returns an exception to the client,The fastjson version will be retrieved,Fastjson versions greater than 1.2.41,Contains the latest version(1.2.76).
2021-11-04 21:37:43 +00:00
reference : https://blog.csdn.net/caiqiiqi/article/details/107907489
tags : fastjson,tech
2021-11-04 12:36:06 +00:00
requests :
- raw :
- |
POST / HTTP/1.1
Host : {{Hostname}}
Content-Type : application/json
2021-11-04 12:46:29 +00:00
{"@type" : "java.lang.AutoCloseable"
2021-11-04 12:36:06 +00:00
2021-11-05 09:54:58 +00:00
matchers :
- type : word
words :
- 'fastjson-version'
extractors :
2021-11-05 06:40:25 +00:00
- type : regex
2021-11-04 21:37:43 +00:00
part : body
2021-11-05 09:54:58 +00:00
group : 1
regex :
2021-11-05 06:40:25 +00:00
- 'fastjson-version.*([0-9]\.[0-9]+\.[0-9]+)'