id: fastjson-version

info:
  name: Fastjson Version Detection
  author: yuansec
  severity: info
  description: If the server returns an exception to the client,The fastjson version will be retrieved,Fastjson versions greater than 1.2.41,Contains the latest version(1.2.76).
  reference:
    - https://blog.csdn.net/caiqiiqi/article/details/107907489
  metadata:
    max-request: 1
  tags: fastjson,tech

http:
  - raw:
      - |
        POST / HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"@type":"java.lang.AutoCloseable"

    matchers:
      - type: word
        words:
          - 'fastjson-version'

    extractors:
      - type: regex
        part: body
        group: 1
        regex:
          - 'fastjson-version.*([0-9]\.[0-9]+\.[0-9]+)'

# digest: 490a0046304402203c405f6363fa11bc2c5f82e49cb873dfbaf8e2f8b22f268418b5a8b56d2d9869022009643c9a17c919ee23ce9b74c3ecea88e253bfeeebb7dd3252f2271168c72a35:922c64590222798bb761d5b6d8e72950