Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Lonely-night/fastjsonVul
fastjson 80 远程代码执行漏洞复现
https://github.com/Lonely-night/fastjsonVul
Last synced: about 1 month ago
JSON representation
fastjson 80 远程代码执行漏洞复现
- Host: GitHub
- URL: https://github.com/Lonely-night/fastjsonVul
- Owner: Lonely-night
- Created: 2022-09-02T18:01:29.000Z (about 2 years ago)
- Default Branch: master
- Last Pushed: 2022-09-07T06:18:46.000Z (about 2 years ago)
- Last Synced: 2024-05-13T19:32:23.275Z (4 months ago)
- Language: Java
- Homepage:
- Size: 269 KB
- Stars: 167
- Watchers: 3
- Forks: 22
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - Lonely-night/fastjsonVul - fastjson 80 远程代码执行漏洞复现 (Java)
README
# fastjson <= 1.2.80 RCE 漏洞复现
##利用条件
- fastjson版本: 1.2.76 <= fastjson < 1.2.83
- 存在groovy依赖
##复现步骤
1.编译attack 模块为 attack-1.jar包
2.在attack-1.jar包所在的目录下执行启用http服务。
`python -m SimpleHTTPServer 8433`
3.运行poc
