https://github.com/Lonely-night/fastjsonVul

fastjson 80 远程代码执行漏洞复现
https://github.com/Lonely-night/fastjsonVul

Last synced: 4 months ago
JSON representation

fastjson 80 远程代码执行漏洞复现

• Host: GitHub
• URL: https://github.com/Lonely-night/fastjsonVul
• Owner: Lonely-night
• Created: 2022-09-02T18:01:29.000Z (about 3 years ago)
• Default Branch: master
• Last Pushed: 2022-09-07T06:18:46.000Z (about 3 years ago)
• Last Synced: 2024-11-21T14:38:13.777Z (12 months ago)
• Language: Java
• Homepage:
• Size: 269 KB
• Stars: 182
• Watchers: 3
• Forks: 24
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

• awesome-hacking-lists - Lonely-night/fastjsonVul - fastjson 80 远程代码执行漏洞复现 (Java)

README

          
# fastjson <= 1.2.80 RCE 漏洞复现

##利用条件

- fastjson版本： 1.2.76 <= fastjson < 1.2.83

- 存在groovy依赖

##复现步骤

1.编译attack 模块为 attack-1.jar包

2.在attack-1.jar包所在的目录下执行启用http服务。

`python -m SimpleHTTPServer 8433`

3.运行poc

![image](images/1662101876011-b08585ac-f575-4c11-bb7d-2d09f1296cd1.png)